Our basic tenets of security are:
This information applies to the Redpen suite of products, which includes the Jira Add-On, the Chrome Extension, and websites linked to https://www.redpen.ai and its subdomains.
Redpen uses Amazon Web Services (AWS) as the cloud provider.
A very limited number of our team members have access to the AWS production account. Their access is audited by AWS, and access to the accounts is protected by 2FA.
Amazon makes significant investments in ensuring the security of the services it offers. We make every attempt to leverage the built-in security offered by AWS infrastructure. Keeping that in mind, some of the AWS services that we use are:
The majority of the service components are not accessible from the internet. Only the services required to deliver functionality to the user are accessible from the internet.
We have a limited set of engineers and architects who are allowed to install software in our production environment. In most cases, software installation is not possible.
We rely on the standard underlying images offered by AWS Elastic Beanstalk. Updates and patching are configured to be managed by AWS.
We use AWS CloudWatch and X-Ray to monitor our systems and collect logs. Our SRE teams use them to monitor for availability or performance issues. Logs are retained for 30 days.
Logs are a key component of our overall incident detection and response strategy.
We have developed our system for business continuity. Our entire infrastructure is elastic and can scale to ensure high availability and performance.
There will always be people or entities who try to breach our security, and we have to be prepared for the possibility that they may succeed. We have processes and plans to handle such disruptions. Our goal is to minimize the impact on you in terms of the availability of our service and the loss of any critical data.
RDS databases are configured to be backed up daily using the built-in backup functionality offered by AWS. Backups are securely stored in AWS S3 buckets.
Amazon RDS snapshots are retained for 35 days with support for point-in-time recovery and are encrypted using AES-256 encryption.
We have a number of measures to ensure that we keep customer data secure.
Redpen products and data are hosted with the industry-leading cloud hosting provider Amazon Web Services (AWS).
Any customer data in our products is encrypted in transit over public networks using TLS encryption.
Our RDS databases are encrypted at rest and in transit.
Redpen uses the AWS Key Management Service (KMS) for key management. The encryption, decryption, and key management process is inspected and verified internally by AWS on a regular basis as part of their existing internal validation processes. An owner is assigned for each key and is responsible for ensuring the appropriate level of security controls is enforced on keys.
Redpen is a multi-tenant Software-as-a-Service product. All our customers share a common cloud-based IT infrastructure when using Redpen products.
We have measures in place to ensure customers are logically separated, so that the actions of one customer cannot compromise the data or service of other customers. We use logical isolation of our customer data.
Security is a joint responsibility between Ajmera Infotech Inc. and our customers.
Some of the responsibilities of customers are:
Only authorized personnel have access to customer data stored within our applications. They are trained to not access customer data unless it is done for:
Unauthorized or inappropriate access to customer data is treated as a security incident and managed through our incident management process. This process includes instructions to notify affected customers if a breach of policy is observed.
We have a way for users to request to delete their data using https://www.redpen.ai/delete-my-information. We anonymize the user data when a deletion request is received on personal data reporting
We use the following automated analysis systems to identify security issues in our system.
Any security vulnerabilities identified are tracked in our internal Jira as they are found.
We use a range of vulnerability detection tools that are run regularly across our infrastructure to automatically scan for and identify vulnerabilities.
We are continually reviewing the latest tools available and adding them to the suite we use if we believe they will enhance our vulnerability detection capabilities.
As part of our development process, we use a range of tools to identify and prevent as many vulnerabilities and bugs as possible from making their way into our products before our customers and users have access to them.
In addition, when a vulnerability is identified by one of our users during standard use of a product, we welcome notifications and respond promptly to any vulnerabilities submitted.
We take even the smallest reported incident very seriously. Our highly qualified team investigates every incident, tracks the findings, implements fixes or mitigations, and updates the process to prevent similar incidents in the future. Customers are kept updated on the progress, findings, and actions taken on incidents related to them.
Ajmera Infotech Inc. shall comply with government requests for data received after following appropriate legal processes (whether a request for user data or a request to remove content/suspend user accounts).
For further questions, contact us at email@example.com