Keeping our member's data secure is the most important thing that we do at Perx. We go to considerable lengths to ensure that all data sent to Perx is handled securely as keeping Perx secure is critical to our business. We want to share some of the details of what we do everyday to keep things secure, and some of the work that we're doing to continually improve the security of your data.
Our team has relevant experience
Our team includes people who've designed, built and operated secure Internet facing systems in relevant industries like health, banking and other cloud services. Our technical advisers include people familiar with best-practice in IT security, from white-hat hackers who've worked for the biggest firms globally to engineers who built payment systems for Walmart.
We host in world-class facilities
All our services and data are hosted in Amazon Web Services facilities in the USA and Australia. Amazon Web Services are the largest provider of hosting services globally and so are highly experienced in enabling security by design.
You can read more about the considerable measures Amazon take in securing their facilities and services here: https://aws.amazon.com/security/
We follow best practices
At Perx we follow a number of best practices that improve our security posture. Here are a few examples:
All data sent to Perx is encrypted in transit. Our API and application endpoints are TLS/SSL, we use strong cipher suites and have features such as Perfect Forward Secrecy fully enabled. We also encrypt all data at rest.
We use industry-standard authentication methods to ensure that only you get access to your data.
We work with an independent auditor to maintain a SOC 2 report, which objectively certifies our security, privacy, and compliance controls to ensure the continuous security of your data.
We have functioning, frequently used automation in place so that we can safely and reliably roll-out changes to our technology. This gives us confidence that we can get a security fix out quickly when required.
We use technologies such as AWS Cloudtrail and GuardDuty to provide an audit trail over our infrastructure. Auditing allows to do ad-hoc security analysis, track changes made to our setup and audit access to every layer of our stack.
Our team uses two-factor authentication whenever possible in their day-to-day work. We ask vendors to enforce two factor authentication in all our accounts. We discourage use of shared accounts on any system - when we have no choice we use a password manager to securely share logins.
We educate all staff on security procedures and policies from technical developers all the way to account managers.
We enable security features
Our team has developed features to allow our members to use Perx with enhanced security. These include:
Enabling biometric security to require authentication via fingerprint or facial recognition to access the Perx App
Requiring members to set passwords that are both complex and long to increase their security
Automatic detection of user credentials that have been breached on third-party services via Auth0 and notifying users
Have more security questions?
Feel free to get in touch with our team. You might also be interested in reading more about how we protect your privacy. Here's an article that explains everything about Privacy at Perx.