Security and Trust

Last Revised: Sep 21, 2023

We appreciate and value our customer's trust - the quality and security of our systems are important aspects of our everyday practices.

While we are yet to undergo a formal SOC/ISO certification we'd like to be transparent and honest about our security measures.

Cloud Security Alliance, the Security Trust Assurance and Risk (STAR) registry encompasses key principles of transparency, rigorous auditing, and cloud security and privacy best practices. Our CSA CAIQ 3.1 self-assessment questionnaire, which is based on the Cloud Controls Matrix and the CSA Code of Conduct for GDPR Compliance, is available for your convenience.

STAR-Level-1 Certification Logo

Currents.dev CSA CAIQ 3.1 Level 1 Listing

EU Customers

Prighter certificate of Art 27 representation

We value your privacy and your rights as a data subject and have therefore appointed Prighter as our privacy representative and your point of contact.

Prighter gives you an easy way to exercise your privacy-related rights (e.g. requests to access or erase personal data). If you want to contact us via our representative Prighter or make use of your data subject rights, please visit: https://prighter.com/q/15737831043

Product Security

We are committed to using the industry's best practices and controls to ensure that we provide secure and reliable service to our customers.

Authentication

We use AWS Cognito to store and authenticate our Services' users - the credentials are only available to users and are never exposed to our personnel.

Permissions

We enable permission levels within the app to be set for your teammates. Permissions can be set to include app settings, billing, and performing critical activities.

Password and Credential Storage

The credentials and authentication logic are protected by a well-known and established vendor.

Uptime

We have an uptime of 99.8% or higher. We are still working on our status page to make the uptime visible.

Customer Best Practices

There are simple steps you can take to increase the security of your app. Check out the Staying Secure section on our docs site.

Network and application security

Data Hosting and Storage

Currents services and data are hosted in Amazon Web Services (AWS) facilities (us-east-1) in the USA.

Failover and DR

Currents was built with disaster recovery in mind. All of our infrastructure and data are spread across 2 AWS availability zones and will continue to work should any one of those data centers fail.

Virtual Private Cloud

All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from getting to our internal network.

Back Ups and Monitoring

We do utilize periodic backups of customer data and service metadata to ensure reliable recovery if needed.

Permissions and Authentication

Access to customer data is limited to authorized employees who require it for their job. Currents is served 100% over https.

We have SAML Single Sign-on (SSO), 2-factor authentication (2FA), and strong password policies on GitHub, Google, AWS, and MongoDB to ensure access to 3rd party services is protected.

Encryption

All data sent to or from Currents is encrypted in transit using 256 bit encryption. Our API and application endpoints are TLS/SSL only. We also encrypt data at rest using an industry-standard AES-256 encryption algorithm.

Pentests and Vulnerability Scanning

Currents uses third-party security tools to periodically scan for vulnerabilities on application and network layers.

Have any questions?

If you have any questions (or comments) concerning this document, please send us an email to the following address: support@currents.dev and we will make an effort to reply within a reasonable timeframe.