We take security very seriously. Ensuring that the information collected by our website and platform is secure and protected is very important to us. Consistent with industry standards and applicable law, Subirapro has established appropriate technical and organizational measures to help prevent unauthorized access to, disclosure, alteration or misuse of information collected by the Subirapro website and platform (“Collected Data”).
We use Amazon Web Services to store all Collected Data. Amazon employs a robust physical and network architecture security program with multiple certifications. For more information on Amazon’s security processes, please visit https://aws.amazon.com/security/.
Software Security
We employ a team of specialists to keep our software and its dependencies up to date, eliminating potential security vulnerabilities. We employ a wide range of monitoring solutions for preventing and eliminating attacks on the site.
Encryption
All data transmitted between visitors to the Subirapro website and users of the Subirapro platform is encrypted in transit.
All data received and stored by Subirapro servers is encrypted at rest. We use 256-bit SSL encryption, OAuth 2.0 authentication and redundant, encrypted storage.
Physical Security
Subirapro’s technical infrastructure is hosted on Amazon Web Services SOC 2 accredited data centers. Physical security controls at AWS data centers include 24x7 monitoring, cameras, visitor logs, and entry requirements.
Access Control
All services related to operations and infrastructure are accessible only through secure connectivity (e.g., SSL, SSH). All systems require multi-factor authentication. Our back-office, service, and infrastructure password policies require minimum lengths, complexity, expiration, and lockout, and disallow reuse. Subirapro grants access to staff and contractors on the basis of least privilege rules, reviews permissions monthly, and revokes access immediately after employee termination.
PCI Compliance & Credit Cards
Subirapro operates as a card-not-present merchant and is compliant with Payment Card Industry (PCI) Data Security Standards (DSS). When you sign up for a paid account on Subirapro, we do not store any of your card information on our servers. It's handed off to Stripe, a company dedicated to storing your sensitive data on PCI-Compliant servers.
Employees
Subirapro employees undergo background checks, are held accountable to non-disclosure agreements, and complete mandatory security training programs. Subirapro limits software development, customer support and sensitive data access exclusively to internal employees. Permissions to sensitive data are granted only if needed for employees to perform their duties and are revoked immediately if the employee is terminated.
Vulnerability Management
All systems and applications undergo security review for vulnerabilities prior to production deployment. All application dependencies are monitored for vulnerabilities using third party dependency scanning tools.
Incident Management
Subirapro maintains industry standard security incident response policies and procedures.
Contact Us
Have a question, concern, or comment about Subirapro security? Please contact [email protected].
General Data Protection Regulation (GDPR)
Compliant. Learn more, check report: app.subirapro.com
Payment Card Industry (PCI) Data Security Standards (DSS)
Compliant, Learn more.
Google Security Assessment
Passed (Jan 2020). No significant vulnerabilities discovered.
Subira depends upon the following services/sub-processors:
Sub-processor | Purpose |
---|---|
Amazon Web Services | Cloud Service Provider |
Tawk.to | Chat bot support provider |
Collaboration and Productivity, Analytics for capture | |
Ring Central | Faxing Service Provider |
sms.to | SMS Service provider |
Stripe | Payment Processing Gateway |
Sendgrid | Email messaging |