Security is a top priority for us and we have implemented various best practices to ensure data protection. Here are some key measures:
Secure Data Storage: We use Pinecone, a SOC2 Type II certified vector database, to store data securely. Our system uses a multi-tenant architecture, ensuring that each customer's data is isolated from that of other customers.
Encryption and Network Security: We follow several best practices like using Transport Layer Security (TLS) to encrypt all traffic. Network security measures, including firewalls, are implemented to protect against unauthorized access.
Access Controls and Data Handling: Access control is enforced through Identity and Access Management (IAM) mechanisms, ensuring that only authorized personnel can access sensitive data. We have 2FA on all sensitive tools, and handle client ID, secret, and bot tokens with utmost care.
Least Privilege Principle: We only request the necessary scopes and "least privilege" tokens required for the app's functionality. For example, we request messaging access only for Slack channels the bot is explicitly added to, which is crucial for the app to function.
Role-Based Access Control (RBAC): By default, only the admin user who initially installed the app has access to configure it (for example, to add more pages on which the responses are based). We have RBAC mechanisms that allow the admin to grant explicit access permissions to authorized personnel. This ensures that only individuals with the necessary authorization can configure the app.
Security Audits and Penetration Testing: We regularly perform security audits and penetration testing to identify and address any potential vulnerabilities promptly. We can provide a summary of the last internal penetration report on request.
Supplier Management: We conduct risk assessments of suppliers in accordance with our supplier management policy.
We understand that you trust us with your data when you use our app, and we don't take that trust lightly. Feel free to reach out with any additional questions or requests for clarification.