Security

We take security very seriously. Ensuring that the information collected by our website and platform is secure and protected is very important to us. Consistent with industry standards and applicable law, Subirapro has established appropriate technical and organizational measures to help prevent unauthorized access to, disclosure, alteration or misuse of information collected by the Subirapro website and platform (“Collected Data”).

We use Amazon Web Services to store all Collected Data. Amazon employs a robust physical and network architecture security program with multiple certifications. For more information on Amazon’s security processes, please visit https://aws.amazon.com/security/.



Software Security

We employ a team of specialists to keep our software and its dependencies up to date eliminating potential security vulnerabilities. We employ a wide range of monitoring solutions for preventing and eliminating attacks to the site.



Encryption

All data transmitted between visitors to the Subirapro website and users of the Subirapro platform is encrypted in transit.

All data received and stored by Subirapro servers is encrypted at rest. 256-bit SSL encryption, OAuth 2.0 authentication and redundant, encrypted storage.



Physical Security

Subirapro’s technical infrastructure is hosted on Amazon Web Services SOC 2 accredited data centers. Physical security controls at AWS data centers include 24x7 monitoring, cameras, visitor logs, and entry requirements.



Access Control

All services related to operations and infrastructure are accessible only through secure connectivity (e.g., SSL, SSH). All systems require multi-factor authentication. Our back-office, service, and infrastructure password policies require minimum lengths, complexity, expiration, lockout, and disallows reuse. Subirapro grants access to staff and contractors on the basis of least privilege rules, reviews permissions monthly, and revokes access immediately after employee termination.



PCI Compliance & Credit Cards

Subirapro operates as a card-not-present merchant and is compliant with Payment Card Industry (PCI) Data Security Standards (DSS). When you sign up for a paid account on Subirapro, we do not store any of your card information on our servers. It's handed off to Stripe, a company dedicated to storing your sensitive data on PCI-Compliant servers.



Employees

Subirapro employees undergo background checks, are held accountable to non-disclosure agreements, and complete mandatory security training programs. Subirapro limits software development, customer support and sensitive data access exclusively to internal employees. Permissions to sensitive data are granted only if needed for employees to perform their duties and are revoked immediately if the employee is terminated.



Vulnerability Management

All systems and applications undergo security review for vulnerabilities prior to production deployment. All application dependencies are monitored for vulnerabilities using third party dependency scanning tools.



Incident Management

Subirapro maintains industry standard security incident response policies and procedures.



Contact Us

Have a question, concern, or comment about Subirapro security? Please contact support@subirapro.com.



General Data Protection Regulation (GDPR)

Compliant. Learn more, check report: app.subirapro.com



Payment Card Industry (PCI) Data Security Standards (DSS)

Compliant, Learn more



Google Security Assessment

Passed (Jan 2020). No significant vulnerabilities discovered



Subira depends upon following services/sub-processor, 

Sub-processorPurpose
Amazon Web ServicesCloud Service Provider
Tawk.toChat bot support provider
GoogleCollaboration and Productivity, Analytics for capture
Ring CentralFaxing Service Provider
sms.toSMS Service provider
StripePayment Processing Gateway
SendgridEmail messaging

  • Home
Subscribe to get the latest updates

Address: 1597 Bedford Highway Suite
R202 Royal Bank Building,
Bedford, NS B4A 1E7

© Copyright 2022 Subira - All Rights Reserved