Security and Trust

Last Revised: Aug 04, 2021

We appreciate and value our customer's trust - the quality and security of our systems are important aspects of our everyday practices.

While we are yet to undergo a formal SOC/ISO certification we'd like to be transparent and honest about our security measures.

Cloud Security Alliance, the Security Trust Assurance and Risk (STAR) registry encompasses key principles of transparency, rigorous auditing, and cloud security and privacy best practices. Our CSA CAIQ 3.1 self-assessment questionnaire, which is based off of the Cloud Controls Matrix and the CSA Code of Conduct for GDPR Compliance, is available for your convenience.

We are committed to using the industry's best practices and controls to ensure that we provide secure and reliable service to our customers.

Product security

Authentication

We use AWS Cognito to store and authenticate our Services' users - the credentials are only available to users and are never exposed to our personnel.

Permissions

We enable permission levels within the app to be set for your teammates. Permissions can be set to include app settings, billing, and performing critical activities.

Password and Credential Storage

The credentials and authentication logic are protected by a well-known and established vendor.

Uptime

We have an uptime of 99.8% or higher. We are still working on our status page to make the uptime visible.

Customer Best Practices

There are simple steps you can take to increase the security of your app. Check out the Staying Secure section on our docs site.

Network and application security

Data Hosting and Storage

Currents services and data are hosted in Amazon Web Services (AWS) facilities (us-east-1) in the USA.

Failover and DR

Currents was built with disaster recovery in mind. All of our infrastructure and data are spread across 2 AWS availability zones and will continue to work should any one of those data centers fail.

Virtual Private Cloud

All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from getting to our internal network.

Back Ups and Monitoring

We do utilize periodic backups of customer data and service metadata to ensure reliable recovery if needed.

Permissions and Authentication

Access to customer data is limited to authorized employees who require it for their job. Currents is served 100% over https.

We have SAML Single Sign-on (SSO), 2-factor authentication (2FA), and strong password policies on GitHub, Google, AWS, and MongoDB to ensure access to 3rd party services is protected.

Encryption

All data sent to or from Currents is encrypted in transit using 256 bit encryption. Our API and application endpoints are TLS/SSL only. We also encrypt data at rest using an industry-standard AES-256 encryption algorithm.

Pentests and Vulnerability Scanning

Currents uses third-party security tools to periodically scan for vulnerabilities on application and network layers.

Have any questions?

If you have any questions (or comments) concerning this document, please send us an email to the following address: support@currents.dev and we will make an effort to reply within a reasonable timeframe.