Security Measures
Last modified: 25 November 2024
Contents
1. Encryption of Personal Data
2. Confidentiality
3. Access to Personal Data
4. Testing of Security Measures
5. User ID and Authorization
6. Protection of Data During Transmission
7. Protection of Data During Storage
8. Physical Security
9. Events Logging
10. System Configuration
11. IT Security Governance
12. Certification of Processes
13. Ensuring Data Minimisation
14. Ensuring Data Quality
15. Data Portability and Erasure
16. Data Center Security
17. Access Control
18. Transmission Control
19. Input Control
20. Availability Control
SiteCove may update or modify these security measures from time to time, provided that such updates and modifications do not degrade the overall security of the Service.
1. Measures of Pseudonymization and Encryption of Personal Data
Personal data is stored in AWS RDS, configured to encrypt data both at rest and in transit. Development, staging, and production databases and processing applications are kept separate. Refer to the AWS RDS security documentation for details of the encryption measures.
2. Measures for Ensuring Ongoing Confidentiality, Integrity, Availability, and Resilience of Processing Systems and Services
RDS is configured with multi-availability-zone replication, so that the database remains available if one availability zone suffers a catastrophic failure. Additionally, continuous backups of all RDS databases are maintained using AWS tooling, providing a further offline copy of all the data.
3. Measures for Ensuring the Ability to Restore Availability and Access to Personal Data in a Timely Manner in the Event of a Physical or Technical Incident
As noted above, SiteCove employs robust backup and replication strategies using AWS RDS to ensure rapid restoration of services in the event of an incident.
4. Processes for Testing, Assessing, and Evaluating the Effectiveness of Technical and Organizational Security Measures
The security of data processing is achieved by:
- Assigning a small, dedicated, and experienced team to each code subsystem, responsible for implementation, code quality, and technical decisions.
- Conducting code reviews of all contributions to the relevant subsystem.
- Using an implementation language whose compiler eliminates whole classes of runtime bugs and enforces strong type guarantees and code contracts at compile time.
- Oversight by management on new patterns of customer personal data processing.
- Ensuring only necessary data is stored, and the number of sub-processors is kept to a minimum.
5. Measures for User Identification and Authorization
Personal data is stored in AWS RDS with encryption at rest and in transit. Development, staging, and production environments are kept separate.
User authorization is implemented in-house based on business logic, user membership within a workspace, and role assignments determined by workspace administrators.
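The workspace-scoped model described above, written out as an added illustrative example (this is not SiteCove's code; the names Workspace, is_allowed, assign_role and the role and action strings are assumptions). The point it makes explicit is the check a practitioner looks for in such a design: a role is only meaningful inside the workspace in which it was granted, so an administrator of one workspace gets nothing in another, and unknown workspaces or non-members are denied by default.

```python
"""Workspace-scoped role-based authorization (illustrative example).

Constructed example, not SiteCove's code. Names (Workspace, is_allowed,
assign_role, the role and action strings) are assumptions for illustration.
"""
from dataclasses import dataclass, field


class AuthorizationError(Exception):
    """Raised when an actor attempts an action its role does not permit."""


# Role -> set of permitted actions. Roles only have meaning inside the
# workspace in which they were assigned.
ROLE_PERMISSIONS = {
    "viewer": {"document:read"},
    "editor": {"document:read", "document:write"},
    "admin": {"document:read", "document:write", "member:manage"},
}


@dataclass
class Workspace:
    id: str
    # user_id -> role, set by the workspace's administrators
    members: dict = field(default_factory=dict)


def is_allowed(workspaces, user_id, workspace_id, action):
    """Deny by default: the user must be a member of *this* workspace and
    hold a role in it that grants the action."""
    ws = workspaces.get(workspace_id)
    if ws is None:
        return False  # unknown workspace: deny without revealing anything
    role = ws.members.get(user_id)
    if role is None:
        return False  # membership elsewhere confers nothing here
    return action in ROLE_PERMISSIONS.get(role, set())


def assign_role(workspaces, actor_id, workspace_id, target_user_id, role):
    """Only an administrator of the target workspace may change roles in it."""
    if role not in ROLE_PERMISSIONS:
        raise ValueError(f"unknown role: {role}")
    if not is_allowed(workspaces, actor_id, workspace_id, "member:manage"):
        raise AuthorizationError(
            f"{actor_id} may not manage members of {workspace_id}")
    workspaces[workspace_id].members[target_user_id] = role


def demo():
    """Run the checks on constructed sample data and return the outcomes."""
    workspaces = {
        "ws-a": Workspace("ws-a", {"alice": "admin", "bob": "viewer"}),
        "ws-b": Workspace("ws-b", {"carol": "admin"}),
    }
    results = {
        # alice is admin of ws-a: write allowed
        "alice_writes_a": is_allowed(workspaces, "alice", "ws-a", "document:write"),
        # bob is only a viewer in ws-a: write denied
        "bob_writes_a": is_allowed(workspaces, "bob", "ws-a", "document:write"),
        # alice's admin role in ws-a gives her nothing in ws-b
        "alice_reads_b": is_allowed(workspaces, "alice", "ws-b", "document:read"),
        # a workspace id that does not exist is simply denied
        "unknown_workspace": is_allowed(workspaces, "alice", "ws-z", "document:read"),
    }
    # alice, as ws-a admin, promotes bob to editor
    assign_role(workspaces, "alice", "ws-a", "bob", "editor")
    results["bob_writes_a_after_promotion"] = is_allowed(
        workspaces, "bob", "ws-a", "document:write")
    # carol administers ws-b; she cannot grant herself a role in ws-a
    try:
        assign_role(workspaces, "carol", "ws-a", "carol", "admin")
        results["carol_escalates_into_a"] = True
    except AuthorizationError:
        results["carol_escalates_into_a"] = False
    return results


if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The design choice worth noting is that membership is resolved against the workspace named in the request, never against "any workspace the user belongs to"; that is the difference between a tenant-scoped check and a cross-tenant authorization bypass.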
6. Measures for the Protection of Data During Transmission
Access to SiteCove's Service is secured with TLS, following industry-standard best practices: strong cipher suites are used and legacy weak protocol versions are disabled. The SiteCove website is fronted by Cloudflare, which terminates TLS at its edge and re-encrypts all traffic forwarded to the site.
Data transmission between storage databases and processing servers occurs over isolated networks, separate from the public internet.
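As an added example of what "strong cipher suites while disabling legacy weak protocols" means in concrete terms, the following uses Python's standard ssl module to build a server-side TLS context with a TLS 1.2 floor and an AEAD-only cipher list, and then audits it. This is illustrative code, not SiteCove's configuration; the function names, the cipher string and the sample "weak" policy are assumptions constructed for the example.

```python
"""TLS context hardening and audit (illustrative example).

Constructed example using Python's standard ssl module; not SiteCove's
configuration. Function names and the cipher string are assumptions.
"""
import ssl

# Substrings that identify legacy or broken algorithms in OpenSSL cipher names.
WEAK_MARKERS = ("RC4", "3DES", "DES-CBC3", "NULL", "EXPORT", "MD5", "ADH", "AECDH")

# TLS 1.2 AEAD suites with ephemeral key exchange only; OpenSSL keeps the
# TLS 1.3 suites enabled alongside this list.
STRONG_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5:!RC4:!3DES"


def hardened_server_context(certfile=None, keyfile=None):
    """Server context that refuses SSLv3/TLS 1.0/TLS 1.1 and weak suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # disables legacy protocols
    ctx.set_ciphers(STRONG_CIPHERS)
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def audit_cipher_list(cipher_names, minimum_version):
    """Return a list of findings; an empty list means the policy is met."""
    findings = []
    if minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(
            f"minimum protocol version {minimum_version.name} is below TLS 1.2")
    for name in cipher_names:
        hits = [m for m in WEAK_MARKERS if m in name]
        if hits:
            findings.append(f"weak cipher suite enabled: {name} ({', '.join(hits)})")
    return findings


def audit_context(ctx):
    """Audit a live SSLContext: protocol floor plus every negotiable suite."""
    ciphers = ctx.get_ciphers()  # list of dicts with 'name', 'protocol', ...
    findings = audit_cipher_list([c["name"] for c in ciphers], ctx.minimum_version)
    for c in ciphers:
        if c["protocol"] not in ("TLSv1.2", "TLSv1.3"):
            findings.append(f"{c['name']} is a pre-TLS-1.2 suite ({c['protocol']})")
    return findings


def weak_policy_findings():
    """Constructed 'before' policy: TLS 1.0 floor with RC4 and 3DES still on."""
    legacy_suites = ["ECDHE-RSA-AES128-GCM-SHA256", "RC4-SHA", "DES-CBC3-SHA"]
    return audit_cipher_list(legacy_suites, ssl.TLSVersion.TLSv1)


if __name__ == "__main__":
    print("hardened context findings:", audit_context(hardened_server_context()))
    print("legacy policy findings:")
    for finding in weak_policy_findings():
        print("  -", finding)
```

The audit deliberately checks the context's own view of its cipher list (via get_ciphers) rather than trusting the cipher string, because what OpenSSL actually enables depends on build options and security level, not just on the string passed in.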
7. Measures for the Protection of Data During Storage
Refer to the AWS RDS security documentation for details of encryption and data protection during storage.
8. Measures for Ensuring Physical Security of Locations Processing Personal Data
Personal data is processed on EC2 instances in AWS data centers. Physical security is provided by AWS; refer to the AWS policies for details. In addition, proxy layers are used to obscure the physical and network locations of the servers that store customer data.
9. Measures for Ensuring Events Logging
All SiteCove servers log system events continuously to remote locations. This does not involve collecting customer personal data. Logging is also enabled with sub-processors such as Cloudflare, AWS, Mailchimp, and SendGrid.
10. Measures for Ensuring System Configuration, Including Default Configuration
SiteCove employs an industry-standard Configuration Management System to ensure consistent system configurations during setup and updates.
11. Measures for IT Security Governance and Management
SiteCove applies the principles of defense in depth and least privilege, implementing:
- Centralized management of employee secrets and server-deployed credentials.
- Separation of production and testing environments.
- Remote access and log collection for audit purposes.
- Continuous integration and deployment with automated testing.
- Infrastructure as code using GitOps.
- 24/7 on-call DevOps presence.
12. Measures for Certification/Assurance of Processes and Products
SiteCove is currently working towards a SOC 2 attestation for its systems.
13. Measures for Ensuring Data Minimization
SiteCove only stores the minimum amount of customer personal data necessary for service delivery, billing, and legal compliance.
14. Measures for Ensuring Data Quality
SiteCove supports data quality through password validation and payment processor checks that prevent fraudulent transactions. Personal data supplied by customers is not actively verified.
15. Measures for Allowing Data Portability and Ensuring Erasure
Customer personal data can be exported with standard SQL tooling and is provided upon request. Erasure of deleted data from the underlying storage is covered by the AWS RDS data deletion procedures.
16. Data Center Security
SiteCove stores production data in secure AWS data centers with redundant systems and backup power to ensure uninterrupted service.
17. Access Control
Access to SiteCove systems and services is tightly controlled through secure authentication mechanisms, role-based permissions, and monitoring.
18. Transmission Control
SiteCove enforces HTTPS encryption across all login interfaces and services, using industry-standard algorithms and certificates.
19. Input Control
SiteCove logs system behavior, traffic, and access patterns in order to detect malicious activity and to support the resolution of security incidents. Customers are notified of confirmed security incidents promptly.
20. Availability Control
SiteCove ensures redundancy and failover through robust replication and backup strategies, maintaining 99.8% uptime through AWS infrastructure.