Security & Scalability
  • Updated on 03 Oct 2019


We at inFeedo understand the seriousness of security and we strive to exceed the industry standard when it comes to protecting your data.


Note
For any password-protected file, please contact help@infeedo.com

1. inFeedo and the EU General Data Protection Regulation (GDPR)

inFeedo is committed to helping our users understand the rights and obligations under the General Data Protection Regulation (GDPR), which took effect on May 25, 2018.

We have introduced tools and processes to ensure our compliance with requirements imposed by the GDPR and to help our customers comply as well.

To learn more about our GDPR compliance, please read our GDPR notice.

2. SOC 2 Type 1

Controls over security, availability, and confidentiality.
Download the report here

3. ISO 27001:2013

Provides a model for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an information security management system.
Download the report here

4. Bi-annual VAPT Audit

Vulnerability Assessment and Penetration Testing (VAPT) are both security services that focus on identifying vulnerabilities in the network, server and system infrastructure.
Download the report here

5. Annual Cloud Penetration Audit

The test identifies vulnerabilities (loopholes) on a system, network, or an application, and subsequently attempts to exploit those vulnerabilities.
A copy of the report is available upon request at help@infeedo.com

6. PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards designed to ensure that ALL companies that accept, process, store or transmit credit card information maintain a secure environment. We do this through a third-party channel, Razorpay. You can check their privacy policies here.

7. Data Encryption

  • Each customer on our system has an encryption key, which is generated as soon as the first user from that client signs up or logs in.
  • This key is stored in our database, which is itself encrypted using AWS HSM.
  • When a user makes a request to our application, the corresponding client's key is fetched from the database, decrypted by AWS HSM, and assigned to that user.
  • Using that key, any content created or read by that user is encrypted or decrypted at run time.
  • As soon as the request/response cycle completes, the key is destroyed.
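
The key lifecycle in the list above, sketched in Node.js as an added example (it is not inFeedo's code). Assumptions: AES-256-GCM as the cipher, an in-memory `Map` standing in for the database, a local `hsmKey` standing in for the HSM's wrap/unwrap operations, and hypothetical function names throughout.

```javascript
const { randomBytes, createCipheriv, createDecipheriv } = require("node:crypto");

// Assumption: local stand-in for the HSM. With a real HSM the wrapping key
// never leaves the device and seal/open on client keys are HSM calls.
const hsmKey = randomBytes(32);

// AES-256-GCM; output layout is iv (12 bytes) | auth tag (16 bytes) | ciphertext.
function seal(key, plaintext) {
  const iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), ct]);
}

function open(key, blob) {
  const decipher = createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  decipher.setAuthTag(blob.subarray(12, 28));
  // final() throws if the key is wrong or the blob was modified.
  return Buffer.concat([decipher.update(blob.subarray(28)), decipher.final()]);
}

// Constructed in-memory "database": clientId -> wrapped (encrypted) client key.
const wrappedKeys = new Map();

// First sign-up/login for a client: generate its key and store only the wrapped form.
function provisionClient(clientId) {
  const clientKey = randomBytes(32);
  wrappedKeys.set(clientId, seal(hsmKey, clientKey));
  clientKey.fill(0);
}

// Per request: fetch, unwrap, use, then overwrite the plaintext key.
// Zeroing a Buffer is best effort in JavaScript; internal copies may remain.
function withClientKey(clientId, fn) {
  const wrapped = wrappedKeys.get(clientId);
  if (!wrapped) throw new Error("unknown client: " + clientId);
  const clientKey = open(hsmKey, wrapped);
  try {
    return fn(clientKey);
  } finally {
    clientKey.fill(0);
  }
}

const encryptFor = (clientId, text) =>
  withClientKey(clientId, (k) => seal(k, Buffer.from(text, "utf8")));
const decryptFor = (clientId, blob) =>
  withClientKey(clientId, (k) => open(k, blob).toString("utf8"));
```

Because each client has its own key and GCM authenticates the ciphertext, a blob written for one client fails to decrypt under another client's key instead of returning garbage.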

8. Amazon Web Services (AWS) Hardware Security Module (HSM)

  • AWS Cloud HSM service helps us meet corporate, contractual, and regulatory compliance requirements for data security by using dedicated Hardware Security Module (HSM) instances within the AWS cloud.
  • CloudHSM complements existing data protection solutions and allows us to protect encryption keys within HSMs that are designed and validated to government standards for secure key management.
  • CloudHSM allows us to securely generate, store, and manage cryptographic keys used for data encryption.

9. Audit Logging and Monitoring Data Access Policy

inFeedo maintains an extensive centralised logging environment in its production environment which contains information pertaining to security, monitoring, availability, access and other metrics about the services. These logs are analysed for security events via automated monitoring software, overseen by the security team.

10. External Security Audits

We engage respected external security firms who perform regular audits of the inFeedo services to verify that our security practices are sound and to monitor our services for new vulnerabilities discovered by the security research community.

11. Business Continuity Plan (BCP) & Disaster Recovery (DR)

Customer Data is stored redundantly in multiple locations in our hosting provider’s data centres to ensure availability. We have well-tested backup and restoration procedures which allow recovery from a major disaster. Customer Data and our source code are automatically backed up every night. The operations team is alerted in the event of a failure in this system.
Download the report here

12. Technology Stack

  • Backend - NodeJS
  • Frontend - AngularJS and React JS
  • AI - R and Python
  • Database - MySQL
  • Cache Store - ElastiCache
  • Cloud Infra - AWS

13. Scalability
