Is My Data Secure

Protecting your data with a SOC 2 compliant service

Written by Ramon
Updated over a week ago

Several layers of data security are built into our service to protect your data, including your files and personally identifiable information (PII).

Encryption

  • All customer data stored in our service is encrypted at rest using industry-standard AES-256 encryption

  • End-to-end 256-bit HTTPS (SSL/TLS) encryption while data is in transit

  • No financial data or credit card information is stored on any of our servers

  • User passwords are stored only as one-way hashes; no one has access to your plaintext password

Firewalls

  • All ports and network interfaces are blocked by default using our global and regional web application firewalls

  • Global firewall rules can detect and counter Denial of Service attacks

  • A continuously updated combination of rules mitigates the web application threats catalogued by OWASP

  • IP addresses of known bad actors are banned automatically

  • Periodic third-party security vulnerability scans on all our public endpoints

Disaster recovery

  • In the event of server failure, all critical systems have redundant failover to prevent service disruptions

  • Customer data is replicated in at least three data centers

  • The application load balancer automatically routes traffic to new instances should any existing instance become unhealthy

Source Code

  • Continuous static code analysis of all our code using current AI/ML-assisted code scanners

  • We use a Continuous Integration and Continuous Delivery pipeline to test every code change

  • All dependencies, including the operating system, are automatically scanned for security vulnerabilities

  • No PII is logged by our code, so developers only ever work with anonymized data

Secrets & Password Management

We follow industry best practices for tracking the secrets, passwords and keys that may be needed in any production or development system.

  • No employee has access to any master access keys

  • Access keys are never stored in version control, in plaintext, or in files on disk

  • Our servers fetch the keys and secrets they need at runtime from a secure secret manager service

  • Developers do not have direct access to any production system; software updates are deployed automatically without human intervention

  • Staff use a secure, industrial-strength password manager for their own keys, which are never shared via email or chat
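The "never stored in version control" rule is one that can be checked mechanically before a commit lands. The following is an added example, not Crop.photo's tooling: a small scanner that flags lines in a source or configuration file that assign a long quoted literal to a secret-looking name, contain an AWS access key ID (the well-known `AKIA...` prefix), or embed private key material. The name hints, the eight-character minimum and the sample configuration are constructed for the example; the sample contains no real credentials.

```python
import re
from typing import List, Tuple

# Names that usually hold secrets (assumed list; extend for your code base).
SECRET_NAME_HINTS = (
    "password", "passwd", "secret", "api_key", "apikey",
    "access_key", "token", "private_key",
)

# `name = "literal"` or `name: "literal"` with a quoted value of 8+ characters.
ASSIGNMENT_RE = re.compile(
    r'^\s*([A-Za-z_][A-Za-z0-9_.]*)\s*[:=]\s*["\']([^"\']{8,})["\']'
)
# AWS access key IDs start with AKIA followed by 16 upper-case alphanumerics.
AWS_KEY_ID_RE = re.compile(r"AKIA[0-9A-Z]{16}")
# PEM header of a private key, in its common variants.
PRIVATE_KEY_RE = re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |DSA )?PRIVATE KEY-----")


def scan_for_secrets(text: str) -> List[Tuple[int, str]]:
    """Return (line_number, reason) for every line that looks like a committed secret.

    Each line is reported at most once, with the most specific reason first.
    """
    findings: List[Tuple[int, str]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if PRIVATE_KEY_RE.search(line):
            findings.append((lineno, "private key material"))
            continue
        if AWS_KEY_ID_RE.search(line):
            findings.append((lineno, "AWS access key ID pattern"))
            continue
        match = ASSIGNMENT_RE.match(line)
        if match and any(hint in match.group(1).lower() for hint in SECRET_NAME_HINTS):
            findings.append((lineno, f"literal assigned to secret-like name {match.group(1)!r}"))
    return findings


# Constructed sample configuration: line 4 shows the acceptable pattern
# (read the value from the environment, i.e. from a secret manager at runtime).
SAMPLE_CONFIG = """\
# constructed sample, not real credentials
db_host = "db.internal.example"
db_password = "hunter2hunter2hunter2"
api_key = os.environ["API_KEY"]
aws_access_key_id = "AKIAEXAMPLEEXAMPLE00"
"""


if __name__ == "__main__":
    for lineno, reason in scan_for_secrets(SAMPLE_CONFIG):
        print(f"line {lineno}: {reason}")
```

Run as a pre-commit hook over staged files, a non-empty result should block the commit. The `api_key = os.environ[...]` line is deliberately not flagged: pulling the value from the environment or a secret manager at startup is exactly the pattern the bullets above describe.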

Employee Training

  • All employees have been trained on best-practice security policies

  • Employees are granted least-privilege, role-based access to resources for troubleshooting, on a need-to-know basis

  • Any employee access to sensitive data is audited and monitored

SOC 2 Compliance

  • Crop.photo is a SOC 2 compliant service. You can read more about that here.

  • SOC 2 is a framework developed by the American Institute of Certified Public Accountants (AICPA) focusing on five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.

  • It is designed to ensure that service providers like Crop.photo manage and protect customer data with the highest standards of care and attention.
