TimeZest uses industry-standard practices to ensure that your data, and the data of your clients, is always secure. We don’t publicize all of the security measures we take, but some of the ones we can talk about are listed here.
TimeZest’s servers are hosted in the Tier 1 data centers of Amazon Web Services (AWS). AWS is an ISO27001-certified hosting provider, with extensive physical, biometric and software access control to the physical servers on which TimeZest runs.
Encryption at Rest
All disks used by TimeZest, for long-term and database storage as well as temporary data storage, are encrypted at rest.
Certain types of particularly sensitive data, such as API keys, are stored with an additional level of encryption which prevents their disclosure even in the unlikely event our database is compromised.
Automatically updated operating systems and software
TimeZest automatically updates the operating system and application software used on our servers as improvements are made and any security problems are fixed.
Static Security Analysis
Every line of code in the TimeZest application undergoes Static Analysis Security Testing (SAST) with each commit to detect potential security issues.
Automated dependency monitoring
We use automated tools to monitor any libraries and software dependencies we use against databases of known security issues.
Anti-SQL Injection measures
TimeZest is built using a widely used application framework which contains built-in support for bound query parameters. Further, our coding guidelines prohibit any direct manipulation of SQL statements as strings.
Our application framework as well as our frontend framework contain automated protection against XSS attacks through automated escaping of any displayed data.
All communication between your browser, our CDN, TimeZest’s servers and the APIs we access is conducted over encrypted protocols such as HTTPS.
TimeZest uses Multi-Factor Authentication (MFA) for the services we rely on to provide TimeZest, to drastically reduce the risk of account compromise and takeover.
Have other questions regarding our security practices?
Please write us at [email protected] 😃