As a company, we recognize the importance of security and our security practices. We consider transparency as one of the main doctrines on which our company is founded, we aspire to be as precise and frank as we can about the way we deal with security.
If you have additional questions regarding our security, you may contact us at: firstname.lastname@example.org.
Below you can find some general information, which we hope will provide you with confidence in how we secure the data entrusted to us.
Data Center Security
- SpatialChat provides services to thousands of users. We use the best solutions for our data centers (AWS cloud solution with the servers located in Ireland);
- AWS data centers manage physical security 24/7 with biometric scanners and the usual high-tech stuff;
- AWS employ DDOS mitigation at all of their data centers.
Protection from Data Loss, Corruption
- All Databases are kept separate and dedicated to preventing corruption and overlap. We have multiple layers of logic that segregate user accounts from each other;
- Account data is mirrored and regularly backed up off site.
Further to sophisticated complex of monitoring and logging, we have enforced two-factor authentication for all server access crosswise our production environment. Firewalls are designed according to industry best practices.
Data Encryption in transit and at rest
The SpatialChat services support the latest recommended secure cipher suites and protocols to encrypt all traffic in transit. Customer data is encrypted at rest.
We follow the developing cryptographic landscape thoughtfully and implement promptly upgrades of the service to respond to new cryptographic weaknesses as they are discovered and carry out best practices as they emerge.
SpatialChat implements a security-oriented design in multiple layers, one of which is the application layer. The SpatialChat application is progressed according to the OWASP Top 10 framework and all code is peer reviewed prior to deployment to production.
Our controlled CI/CD process comprises static code analysis, vulnerability assessment, end-to-end testing, unit testing which focuses on authorization aspects and more. SpatialChat developers undergo through security training.
Another layer of security is the infrastructure. As stated, spatial.chat is hosted across multiple AWS Availability Zones. Furthermore, our infrastructure is protected using multiple layers of defense mechanisms, including:
- Firewalls for enforcing IP whitelisting and access through permitted ports only to network resources
- A web application firewall (WAF) for content-based dynamic attack blocking
- DDoS mitigation and rate limiting
- NIDS sensors for early attack detection
- Advanced routing configuration
- Comprehensive logging of network traffic, both internal and edge
SpatialChat encrypts all data both in transit and at rest:
- Traffic is encrypted using TLS 1.3 with a modern cipher suite, supporting TLS 1.2 at minimum
- User data is encrypted at rest across our infrastructure using AES-256 or better
- Credentials are hashed and salted using a modern hash function
We set rigid restraints over our employees’ access to the data. The operation of the SpatialChat services calls for some employees have access to the systems which store and process customers’ personal data. These employees are precluded from using these admissions to view customers’ personal data unless it is necessary to do so. We have technical controls and audit policies in place to assure that any access to customers’ personal data is logged.
All of our employees and contract personnel are bound to our policies regarding customer data and sign non-disclosure agreement.
SpatialChat conducts background checks on all employees before employment, and employees receive privacy and security training during onboarding as well as on an ongoing basis. All employees are required to read and sign our comprehensive information security policy covering the security, availability, and confidentiality of the SpatialChat services.