Servers

Certainly uses Amazon Web Services (AWS) and Microsoft Azure Cloud (Azure) to host our services and complies with the same SSAE16 SOC 1, 2 and 3, ISO 27001 and FedRAMP/FISMA reports and certifications as they do. Only authorized personnel have physical access to the secured data centers which contain the servers on which web servers and databases are running. The data centers are in Frankfurt, Germany and Ireland. Access is restricted, monitored and all logs are documented.

Amazon Web Services has detailed descriptions of data storage, security and compliance on the web pages here below:

• Data Centers and Security: aws.amazon.com/security
• Data Compliance: aws.amazon.com/compliance
• Data Protection: aws.amazon.com/compliance/eu-data-protection

Azure has detailed descriptions of data storage, security and compliance on the web pages here below:

• Data Centers and Security: azure.microsoft.com/en-us/global-infrastructure/locations
• Data Center location and Storage: microsoft.com/en-us/trust-center/privacy/data-location

Logging and monitoring

We continuously monitor and log all systems as do our service providers.

Secure Network

Support team

Our team of DevOps is available 24/7 in emergency cases relating to security intrusion or possible threats.

Secure HTTPS

We use secure HTTPS transport to protect our network communication over public networks..

Data Access

There is restricted access to the Certainly Production System and employees go through a thorough two-factor authentication before gaining access to the system. Data access is controlled and monitored on a regular basis by our DevOps team.

Data Encryption

Data in transit is encrypted through HTTPS and TLS with an "A-" score against SSL Labs security tests. Data at rest is encrypted using the 256-bit Advanced Encryption Standard (AES-256).

Secure Development (SDLC)

Separate Environments

The platform has a production and a staging environment which are completely separated from one another. This prevents in any private customer data be used in the staging environment.

Authentication

System configurations and integrations can only be accessed and administered through the console by Certainly lead developers.

Secure Credential Storage

No user passwords are stored in Certainly databases and credentials go through a secure SOC 2 compliant third-party.

API Security & Authentication

Certainly's API security and authentication happens through an SSL link and the verification of the user. Username and password or a JWT request are the methods of authentication used in authorizing against the API.

Employee Check and Agreements

Background Checks

Background checks are done on all new employees starting at Certainly in accordance with local laws. After the screening and hiring process, employees have to sign a Non-Disclosure and Confidentiality agreements. We also ensure that only employees with a work-related purpose have access to the personal data.

Contact

If you have any questions relating to our Data Policy please email us at privacy@certainly.io.