Docs

Places People B2C Links Profilefuse Financial Data Historical Data

Learn more about our data, services, and APIs.

Security & Compliance

< Prev Next >

High-level overview of security and compliance in our AWS-hosted environment

This document provides a high-level overview of security and compliance controls in our AWS-hosted environment.

Security and Compliance

  • Inbound web traffic is protected by a Web Application Firewall (WAF) before reaching the application layer.
  • HTTPS traffic is terminated at an AWS-managed load balancer.
  • Access to cloud resources is governed through role-based access controls and least-privilege principles.
  • Security monitoring and operational controls are applied across the environment.

Encryption Standards

Encryption in Transit

  • External traffic is protected using HTTPS with modern TLS standards (TLS 1.2+).
  • Certificates are managed through AWS Certificate Manager (ACM).

Encryption at Rest

  • Object storage is encrypted at rest using Amazon S3 server-side encryption (SSE-S3), which uses AES-256.
  • Relational database storage is encrypted at rest using AWS-managed key services.
  • Backups and snapshots for encrypted database resources remain encrypted.

Data Governance Controls and Certifications

  • Access to sensitive systems and data is restricted to authorized personnel based on business need.
  • Governance controls include identity and access management, change control, and auditability through platform logs and monitoring.
  • The environment runs on AWS infrastructure, which aligns with recognized industry compliance and security frameworks.

AWS Security Best-Practice Alignment

  • Our cloud security posture is informed by the AWS Security Hub Foundational Security Best Practices (FSBP) standard.
  • This baseline includes controls across core areas such as identity and access management, encryption, logging/monitoring, network protections, and data protection.
  • We use these best-practice categories as guidance for continuous security improvement in our AWS environment.

Simple Secure Workflow

  1. A client sends an HTTPS request to the application.
  2. Traffic is inspected by WAF controls.
  3. Allowed traffic is forwarded to the load balancer.
  4. TLS is terminated at the load balancer.
  5. The application processes the request.
  6. Data is stored in encrypted storage services (database and object storage).
< Prev Next >