Data Security
Access Monitoring
Our security team logs and monitors all access attempts to our company resources.
Backups Enabled
Backups for our databases are enabled in AWS.
Data Erasure
Customers may contact us at info@realciso.io for any data deletion requests.
Encryption-at-rest
All customer data is stored in MongoDB, AWS, and Stripe. All three provide enterprise-grade encryption-at-rest and encryption-in-transit. Stripe has been PCI certified by third party auditors.
Encryption-in-transit
All our internal and external communication in our infrastructure is encrypted using TLS 1.2 or TLS 1.3. Our application will reject requests using weak cryptographic algorithms.
Qualys SSL Labs Report – SSL Report
Physical Security
RealCISO is a fully remote team with no physical offices.
Physical security for our data centers are handled by Amazon Web Services. You can find additional details at:
Separate Production Environment
We use a staging environment that is completely separated from our production environment. Production user data is never used in our staging environment during testing. Developers do not have access to production.