DecisionVault's Security Details
Introduction
Because DecisionVault is used to collect large amounts of sensitive information, we recognize the importance of excellent security practices. While we are a small team, we work hard to punch above our weight on security.
This document covers our security practices and policies.
Security Practices
We are working with an auditor towards SOC2 Type 1 certification and expect to have that in place by the end of 2024.
Here's how we guard people's data:
All information exchanged between the browser and the server is encrypted in transit and encrypted at rest on disk.
The app is hosted on cloud infrastructure in the United States, in a dedicated stack on Aptible (aptible.com), an application hosting provider that specializes in hosting apps with sensitive data.
Any information entered by the attorney or the client user is deemed "User Data" per our terms and conditions. We facilitate the capture, storage and transfer of this information as directed by the user, and do not share it in any way.
Two Factor Authentication is available to secure your account against compromised passwords: at sign-in, you are required to generate a 6-digit code from an authenticator app.
The information stored in DecisionVault is backed up nightly to guard against the unlikely event of hardware failure in the application hosting infrastructure.
We have a private bug bounty program in which different security researchers test the security of the application on an ongoing basis. This program is managed by YesWeHack.com. If you are a security researcher and interested in being part of the program, please reach out to them directly. Registering an account and testing on our production environment is NOT allowed.
The application has error tracking tools in place that monitor for problems and track technical information related to the type of browser, IP address and the action/page users were on when an error occurred.
We have automatic checks and scans in place that monitor the application's dependencies for vulnerabilities.
FAQs
Any further questions? Email us at security@decisionvault.com.