Our team treat data protection and security as a top priority. To this end, we are audited and certified for ISO27001 (Information Security), ISO27017 (Cloud Security) and ISO27018 (Data Privacy)
These ISO information security standards includes areas such as:
Code of Conduct
Data Protection Policy
Security Incident Management
Plus following ISO-27001 controls
A.5: Information security policies
A.6: Organization of information security
A.7: Human resource security
A.8: Asset management
A.9: Access control
A.11: Physical and environmental security
A.12: Operations security
A.13: Communications security
A.14: System acquisition, development and maintenance
A.15: Supplier relationships
Our proactive data security measures include the following.
Software level security:
- We ensure we run up-to-date software components verified with vulnerability scanners.
- We apply encryption on all sensitive data (in transit and at rest).
- Encryption keys are kept on separate host from where data resides.
- All nodes run on hardened Operating Environments, which consists of custom bare-bone Linux kernels with no extraneous software packages or functions.
- All connections to our Cloud infrastructure is protected with 256-bit SSL/TLS.
- Industry-standard firewalls guard all network access to our infrastructure. This include real-time packet sniffing software to detect network intrusion, and host-based intrusion detection systems on all operating nodes.
- Internet-facing nodes are checked with regular penetration testing.
- All network-level access is logged with real-time alerts on suspicious activity.
- We apply strict internal procedures with regards to data access on our systems and our support personnel have access to data only on a need-to basis.
- Our support team is trained to counter social engineering by malicious parties.
- Any data that passes through our service is strictly protected and never divulged to outsiders.
- We do not sell marketing databases, so there is zero possibility of any conflict of interest.
- For customers on Basic Plan and higher, your messaging data stays within Singapore and is not routed to any foreign 3rd-party sub-contractor.
- Entire disk volumes that contain customer data are encrypted.
- Databases are backed up on real-time basis to a replica, then backed up again nightly, which in turn is backed up again by the underlying storage systems.
- Our servers are hosted with a major Cloud provider which confirms to the MTCS Level 3 standard (Pro Plan customers with a formal SLA can contact us to request for a copy of the certification documents)
Do get in touch with us should you have further questions with regards to your data!