Is My Data Secure

Protecting your data with a SOC 2 compliant service

Written by Ramon
Updated over 10 months ago

Several layers of data security are built into our service to protect your data, including your files and personally identifiable information (PII).

Encryption

  • All customer data stored in our service is encrypted using industry standard AES-256 encryption

  • End-to-end 256-bit HTTPS (SSL/TLS) encryption during data transfer

  • No financial data or credit card information is stored on any of our servers

  • User passwords are stored only as one-way hashes, so no one has access to your plaintext passwords

Firewalls

  • All ports and network interfaces are blocked by default using our global & regional Web Access Firewalls

  • Global firewall rules can detect and counter Denial of Service attacks

  • A combination of continuously updated rules to mitigate OWASP-listed web threats

  • Automatically ban known bad actors' IP addresses

  • Periodic third-party security vulnerability scans on all our public endpoints

Disaster recovery

  • In the event of server failure, all critical systems have redundant failover to prevent service disruptions

  • Customer data is replicated in at least 3 data centers

  • Application load balancer can automatically route to new instances should any of them become unhealthy

Source Code

  • Continuous static code analysis of all our code using the latest AI/ML code scanners

  • We use a Continuous Integration and Continuous Delivery pipeline to test every code change

  • All dependencies including OS are automatically scanned for security vulnerabilities

  • No PII is logged by our code to ensure developers only work with anonymized data

Secrets & Password Management

We follow industry best practices for tracking secrets, passwords & keys that may be needed in any production or development systems.

  • No employee has access to any master access keys

  • Access keys are never stored in any version control system, in plaintext, or in files

  • A secure secret manager service is used by our servers to fetch needed keys & secrets at runtime

  • Developers do not have direct access to any production system; software updates are deployed automatically without human intervention

  • A secure, industrial-strength password manager is used by staff to access their own keys, which are never shared via email or chat
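Two of the bullets above, "never stored in any version control system, in plaintext, or in files" and "fetched from a secret manager service", are practices a team can enforce mechanically. The following is an added example of how that enforcement typically looks; it is my own illustration, not Crop.photo's tooling. It assumes two things: that the secret store is abstracted behind a mapping (the process environment stands in for a real secret manager here, which is how most managers hand secrets to a process anyway), and that a pre-commit check scans source for credential-like assignments and high-entropy string literals. The sample source it scans is constructed for the example.

```python
import math
import os
import re
from collections import Counter

# --- Part 1: fetch secrets from a store at runtime, never from code --------

def load_secret(name: str, source=os.environ) -> str:
    """Return a secret from the injected store; refuse to run without it.

    There is deliberately no default value: a hard-coded fallback is exactly
    the kind of secret-in-code that the scanner below exists to catch.
    """
    value = source.get(name)
    if not value:
        raise RuntimeError(f"secret {name!r} is not available from the secret store")
    return value


# --- Part 2: pre-commit style scan for secrets that leaked into source ------

# Assignment of a quoted literal (8+ chars) to a credential-sounding name.
CREDENTIAL_ASSIGNMENT = re.compile(
    r"(?i)(password|passwd|secret|token|key)\s*[:=]\s*[\"']([^\"']{8,})[\"']"
)
# Any long quoted literal made of key-like characters; judged by entropy below.
LONG_LITERAL = re.compile(r"[\"']([A-Za-z0-9+/=_\-]{24,})[\"']")
ENTROPY_THRESHOLD = 4.0   # bits per character; random keys sit well above this


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; a rough 'does this look random' score."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def scan_for_secrets(text: str):
    """Return [(line_number, reason), ...] for lines that look like leaked secrets."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if CREDENTIAL_ASSIGNMENT.search(line):
            findings.append((lineno, "credential-like assignment"))
            continue
        match = LONG_LITERAL.search(line)
        if match and shannon_entropy(match.group(1)) > ENTROPY_THRESHOLD:
            findings.append((lineno, "high-entropy string literal"))
    return findings


# Constructed sample file for the scanner (not real code or real credentials).
SAMPLE_SOURCE = """\
import os
DB_HOST = "db.internal.example"
db_password = "hunter2hunter2"          # constructed: hard-coded credential
api_token = os.environ["API_TOKEN"]     # fetched at runtime: fine
BUCKET_CFG = "k8Qz1vX9pL2mN4bR7tY0wE3uI6oA5sD8"   # constructed: key-shaped literal
debug = "false"
"""


if __name__ == "__main__":
    for lineno, reason in scan_for_secrets(SAMPLE_SOURCE):
        print(f"line {lineno}: {reason}")
    # With a secret injected by the environment the loader succeeds;
    # without it the process refuses to start instead of silently using a default.
    print(load_secret("API_TOKEN", {"API_TOKEN": "injected-at-runtime"}))
```

The scanner is intentionally noisy in the direction of false positives (a long base64 config value will trip the entropy rule); in a pre-commit hook that is the right trade, since a reviewer can allow-list a line in seconds, while a leaked key in history is costly to rotate.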

Employee Training

  • All employees have been trained on best practice security policies

  • Our employees are granted least-privilege, minimal role-based access to resources for troubleshooting on a need-to-know basis

  • Any employee access to sensitive data is audited and monitored

SOC 2 Compliance

  • Crop.photo is a SOC 2 compliant service. You can read more about that here.

  • SOC 2 is a framework developed by the American Institute of Certified Public Accountants (AICPA) focusing on five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.

  • It's designed to ensure service providers like Crop.photo manage and protect customer data with the highest standards of care and attention.