Data Security

Data Encryption

• All communications between your device and SREDify servers are encrypted using SSL with SHA-256.

• Data at rest is secured with AES-256 encryption to protect sensitive information.

​​

Physical Security

• SREDify infrastructure is hosted on Amazon Web Services (AWS), leveraging their best-in-class security and compliance measures.

​​

Workstation Security

• Employee workstations are encrypted.

• All employees use long, complex passwords managed via a password manager.

• Two-factor authentication (2FA) is enforced for all internal systems.

​​

Infrastructure Security

• We use separate AWS accounts to isolate identity management, staging, and production environments.

• Infrastructure is managed as code, ensuring regular security checks.

• All backends operate within a Virtual Private Cloud (VPC).

• All stored data is encrypted at rest (AES-256) and in transit.

• Access to production environments is strictly controlled via VPN and SSH from authorized IPs.

• Production logs are monitored for sensitive data, with automated detection and remediation.

• Keys and secrets are stored securely using AWS Parameter Store.

​​

Code and Application Security

• Automated scans check for known security vulnerabilities in our repositories.

• Client data is stored in separate schemas to prevent data leaks.

• We use parameterized queries to mitigate security risks.

• All API access is controlled using short-lived, temporary authentication keys.

• SSO authentication via Google, GitHub, Bitbucket, and LinkedIn ensures password-free user authentication.

• SREDify does not store passwords—identity management is handled via Auth0 for added security.

• SREDify only partners with industry-leading providers that meet stringent security standards. Our integrations with AWS and Auth0 comply with best practices for encryption, data protection, and identity management.

​​

Data Access by Employees

• SREDify employees do not have direct access to user data unless required for troubleshooting, and such access is strictly logged and monitored.

• Access to customer data is granted only on a need-to-know basis for support purposes and follows strict security protocols.

​​

Incident Response

• In the event of a security breach affecting user data, SREDify follows a structured incident response protocol, including immediate investigation, mitigation, and user notification as required by applicable laws.

• Users will be promptly informed of any security incidents that impact their accounts.

​​

Data Retention and Deletion

• SREDify retains user data only as long as necessary to provide services.

• Users can request data deletion at any time by contacting support@sredify.com.

• Data in the FREE plan is only retained for the previous 2 months.

• FREE accounts are deleted after 2 months of inactivity. 

​​

How to Report Security Concerns

If you notice a security issue or have concerns, please email us at support@sredify.com. We take all reports seriously and will investigate promptly.

​

User Security Best Practices

While SREDify implements robust security measures, users are responsible for safeguarding their accounts by:

• Using strong, unique passwords for their SSO accounts.

• Enabling 2FA (Two-Factor Authentication) where possible.

• Being cautious of phishing attempts—SREDify will never ask for your password via email.

 

 

For additional details on how we handle your data, please review our Privacy Policy or contact support@sredify.com.

​​​

​