Security and Privacy at Massdriver
Massdriver was designed to make security simpler and more achievable for our customers, and that begins with us.
To validate our security posture, Massdriver has established policies and controls, which are internally maintained and monitored, and certified by third-party auditors.
- Access should be limited to only those with a legitimate business need and granted based on the principle of least privilege.
- Security controls should be implemented and layered according to the principle of defense-in-depth.
- Security controls should be applied consistently across all areas of the enterprise.
- The implementation of controls should be iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.
To ensure the protection of our customers' data, Massdriver uses multiple layers of security and encryption.
- All data stores with customer data are encrypted at rest. In addition, row-level encryption is used for sensitive data within data stores.
- Any data that is transmitted over potentially insecure networks is encrypted using TLS 1.2.
- Massdrivers Secret Management product utilizes AWS Key Management Service (KMS) to encrypt your secrets and keep them secure.
Have a security-related question, or want to report a security issue? You can contact us at firstname.lastname@example.org