We take security very seriously. Ensuring that the information collected by our website and platform is secure and protected is very important to us. Consistent with industry standards and applicable law, Subirapro has established appropriate technical and organizational measures to help prevent unauthorized access to, disclosure, alteration or misuse of information collected by the Subirapro website and platform (“Collected Data”).
We use Amazon Web Services to store all Collected Data. Amazon employs a robust physical and network architecture security program with multiple certifications. For more information on Amazon’s security processes, please visit https://aws.amazon.com/security/.
We employ a team of specialists to keep our software and its dependencies up to date eliminating potential security vulnerabilities. We employ a wide range of monitoring solutions for preventing and eliminating attacks to the site.
All data transmitted between visitors to the Subirapro website and users of the Subirapro platform is encrypted in transit.
All data received and stored by Subirapro servers is encrypted at rest. 256-bit SSL encryption, OAuth 2.0 authentication and redundant, encrypted storage.
Subirapro’s technical infrastructure is hosted on Amazon Web Services SOC 2 accredited data centers. Physical security controls at AWS data centers include 24x7 monitoring, cameras, visitor logs, and entry requirements.
All services related to operations and infrastructure are accessible only through secure connectivity (e.g., SSL, SSH). All systems require multi-factor authentication. Our back-office, service, and infrastructure password policies require minimum lengths, complexity, expiration, lockout, and disallows reuse. Subirapro grants access to staff and contractors on the basis of least privilege rules, reviews permissions monthly, and revokes access immediately after employee termination.
PCI Compliance & Credit Cards
Subirapro operates as a card-not-present merchant and is compliant with Payment Card Industry (PCI) Data Security Standards (DSS). When you sign up for a paid account on Subirapro, we do not store any of your card information on our servers. It's handed off to Stripe, a company dedicated to storing your sensitive data on PCI-Compliant servers.
Subirapro employees undergo background checks, are held accountable to non-disclosure agreements, and complete mandatory security training programs. Subirapro limits software development, customer support and sensitive data access exclusively to internal employees. Permissions to sensitive data are granted only if needed for employees to perform their duties and are revoked immediately if the employee is terminated.
All systems and applications undergo security review for vulnerabilities prior to production deployment. All application dependencies are monitored for vulnerabilities using third party dependency scanning tools.
Subirapro maintains industry standard security incident response policies and procedures.
Have a question, concern, or comment about Subirapro security? Please contact firstname.lastname@example.org.
General Data Protection Regulation (GDPR)
Compliant. Learn more, check report: app.subirapro.com
Payment Card Industry (PCI) Data Security Standards (DSS)
Compliant, Learn more.
Google Security Assessment
Passed (Jan 2020). No significant vulnerabilities discovered
Subira depends upon following services/sub-processor,
|Amazon Web Services||Cloud Service Provider|
|Tawk.to||Chat bot support provider|
|Collaboration and Productivity, Analytics for capture|
|Ring Central||Faxing Service Provider|
|sms.to||SMS Service provider|
|Stripe||Payment Processing Gateway|