Security is a continuous effort, and we are always working to secure your data. In the course of building the platform, we have received many questions on the Hows and Whats. Do reach out if this doesn't cover what you need to know.
1. Do we use cloud services?
2. What cloud providers do we use?
Amazon AWS, Google Cloud, and Cloudflare.
3. In which country will you be storing/processing/transmitting the data?
Singapore. If you do require it to be in another country, we can provide that service at a different pricing/plan.
4. Is sensitive data encrypted using an industry standard encryption algorithm?
Yes, in transit and in storage.
5. Is data encrypted while in transit? Is it encrypted while residing on the firm's servers?
Data is encrypted in transit with SSL, and encrypted at rest in our Amazon RDS.
6. Will the cloud provider have uncontrolled access to the cloud consumer’s data?
We have limited access to consumer's data, only on a case-by-case basis where an admin has given permission for us to access it. There will be more controls for admins in the future, to give our customer support limited-time access to the data.
7. Is data in the production environment prevented from being used in non-production environments and systems unless obfuscated or scrambled?
Currently, use of production data is limited to periods where we can't replicate a bug, or where we need to test out certain changes. Access to production data dumps for debugging is monitored. Data obfuscation is on our roadmap.
8. Are offsite backups containing data encrypted?
Yes, they are encrypted.
9. Does the cloud provider securely dispose of my data?
Yes. Once a user chooses to delete the company from Talenox, everything is scrubbed. However, the data can still be retained in our backups, as we keep our daily backups for a very long period of time. Our backups can only be accessed by the CTO.
10. How often does the firm back up data? What are their backup procedures for data?
Our backup procedures are robust: we have a minute-level snapshot and a daily snapshot. The minute-level snapshots last for 35 days, while the daily snapshots are kept for years.
11. Would I have access to the logs of who has accessed or attempted to access our data, including dates and timestamps, IP addresses, or other audit trail information?
We can provide an audit trail upon request, but please give us some time to respond.
12. Is there a designated individual or group responsible for oversight and administration of data within the firm?
Our data privacy officer, and CTO, is responsible for the oversight and administration of data.
13. How often does the firm perform business continuity/disaster recovery tests with vendors it depends on to provide services to me?
We tend to do an internal disaster test once a year, and customers didn't experience a glitch at all, except for downtime.
14. Does the firm have a backup data centre/facility?
Yes, it's held by a reliable backup service with 99.99999% data reliability.