Enterprise-Grade Security
Your data security is our top priority. Learn about the comprehensive measures we take to protect your documents and information.
Last updated: January 10, 2024
SOC 2 Type II
Audited annually for security, availability, and confidentiality controls.
ISO 27001
Certified information security management system.
GDPR Compliant
Full compliance with EU data protection regulations.
CCPA Compliant
Meeting California Consumer Privacy Act requirements.
Infrastructure Security
Built on world-class infrastructure with multiple layers of security.
AWS Infrastructure
Hosted on Amazon Web Services with multi-region redundancy, auto-scaling, and 99.99% uptime SLA.
- Multi-AZ deployment for high availability
- Auto-scaling to handle traffic spikes
- Geographic redundancy across regions
- AWS Shield for DDoS protection
Encryption
All data is encrypted at rest and in transit using industry-standard encryption protocols.
- TLS 1.3 for all data in transit
- AES-256 encryption at rest
- Encrypted database backups
- Key management via AWS KMS
Data Protection
Comprehensive data protection measures to safeguard your documents and information.
- Automated daily backups
- Point-in-time recovery capability
- 30-day backup retention
- Secure data deletion procedures
Network Security
Multiple layers of network security to protect against unauthorized access and attacks.
- Web Application Firewall (WAF)
- Intrusion detection systems
- VPC network isolation
- Regular vulnerability scanning
Access Controls
Comprehensive access management to ensure only authorized users can access your data.
Authentication
- Multi-factor authentication (MFA)
- Single Sign-On (SSO) via SAML 2.0
- OAuth 2.0 / OpenID Connect
- Configurable password policies
- Session timeout controls
Authorization
- Role-based access control (RBAC)
- Granular permission settings
- Team and workspace isolation
- API key management
- Audit logging for all actions
Monitoring
- 24/7 security monitoring
- Real-time threat detection
- Anomaly detection alerts
- Login activity tracking
- Security event logging
Incident Response
Our dedicated security team follows a rigorous incident response process to quickly address any security concerns.
Detection
Automated monitoring detects potential security incidents.
Triage
Security team assesses severity and impact within 15 minutes.
Containment
Immediate measures to contain and limit damage.
Investigation
Thorough investigation to determine root cause.
Resolution
Full remediation and system restoration.
Communication
Transparent notification to affected customers.
Security Practices
Ongoing security measures to maintain a strong security posture.
Regular Penetration Testing
We conduct annual third-party penetration tests and continuous vulnerability assessments.
Security Training
All employees complete security awareness training and phishing simulations.
Vendor Security
We assess the security posture of all vendors and require SOC 2 compliance.
Secure Development
We follow secure coding practices with mandatory code reviews and automated security testing.
Report a Vulnerability
We appreciate the work of security researchers in helping keep PublishFlip and our customers safe. If you discover a security vulnerability, we encourage you to report it responsibly.
- Submit reports to security@publishflip.com
- Include detailed steps to reproduce the issue
- Allow reasonable time for us to respond
- Do not access or modify customer data
Responsible Disclosure Program
Safe Harbor
We will not pursue legal action against researchers who follow our guidelines.
Quick Response
We aim to acknowledge all reports within 24 hours.
Recognition
With your permission, we'll credit you in our security acknowledgments.
Need Security Documentation?
We can provide additional security documentation, including our SOC 2 report, security questionnaires, and penetration test summaries upon request.