Data at rest on our platform is client data stored within our AWS database. We protect this information with encryption at rest, so the data remains unreadable without the proper decryption keys, and we use AWS Key Management Service (KMS) for key control. Access controls, implemented through AWS Identity and Access Management (IAM) policies, dictate and monitor authorized personnel's access to the stored data.
Data in transit refers to the state of data when it is actively moving between different locations or systems. We employ industry-standard protocols, specifically SSL/TLS and HTTPS, to establish secure connections to data stores.
SSL/TLS protocols encrypt the data during transmission, making it unreadable to unauthorized entities. By utilizing HTTPS, which is a secure extension of HTTP, our platform ensures that all communication between users and data stores is encrypted, minimizing the risk of interception or tampering.
On our platform, secrets management is handled through AWS services. AWS Secrets Manager manages the lifecycle of secrets, ensuring secure storage, retrieval, and rotation, while we rely on AWS Key Management Service (KMS) for encryption key control. KMS creates and manages the encryption keys, adding an extra layer of security to the stored secrets.
Client data can be stored in any of the available AWS regions, allowing us to adhere to specific data residency requirements or regulations. Clients can choose the geographical location where they want to store data, aligning with regional compliance standards or organizational policies.