We take security very seriously, and we believe in multiple layers of defenses. Across all our projects and Client engagements, we employ the following security measures:

All data is encrypted at rest and in transit in excess of the specifications of the US Federal Information Processing Standard (FIPS) 140-2 Level 3.

All changes to our source code are cryptographically signed using hardware-based asymmetric encryption.

All changes to our source code are reviewed by at least one other engineer before being committed to our source code repository.

Furthermore, all changes to our source code are automatically tested and deployed to our production servers using a continuous integration and deployment pipeline that does not require human intervention.

All engineering and administrative access to our services is secured through hardware-based certificate authentication exceeding the specifications of the US Federal Information Processing Standard (FIPS) 140-2 Level 3.

All engineering and administrative access to our servers is audited and tracked.

All of our servers are hosted in secure data centers that are physically protected by armed guards and monitored 24/7 by video surveillance, biometric scanners, and other security measures.

All connections coming in, or out, of our servers are encrypted using SSL, or other technologies as appropriate.