Data Privacy and Security

Updated: October 2, 2024

At Spacebring, the security of our applications and your data is our top priority. We have implemented comprehensive measures to ensure robust protection and maintain the highest security standards.

Application Security

Data Centers

Spacebring's data and servers are hosted on Amazon Web Services (AWS) in Ireland, and our web application is hosted on Vercel. These platforms provide world-class infrastructure and security measures to safeguard your data.

Amazon Web Services (AWS) Details

Amazon Web Services (AWS) provides a highly secure and resilient infrastructure. AWS employs stringent safeguards to protect customer privacy and data integrity. All data is stored in state-of-the-art, secure AWS data centers. For a comprehensive overview of AWS’s security measures and privacy practices, please visit the AWS Cloud Security page. For a list of all current security accreditations, see the AWS Compliance Programs page.

Vercel Details

Vercel provides a robust platform for hosting our web application, ensuring high performance and security. Vercel ensures that all data transmitted between users and the web application is encrypted using HTTPS, protecting against interception and tampering. Additionally, Vercel’s global edge network enhances security by distributing content closer to users, reducing latency and improving protection against DDoS attacks. Vercel adheres to industry-standard security practices and compliance requirements. For more information on Vercel’s security measures, please visit the Vercel Security page.

Interface Security

All access to the Spacebring interface is secured with SSL (HTTPS), ensuring that all transmitted information is encrypted. Our web applications on both subdomains and custom domains utilize a secure HTTPS connection with RSA 2048-bit keys. Our API and application endpoints are exclusively TLS/SSL, consistently achieving an “A+” rating on Qualys SSL Labs' tests, affirming our commitment to exceptional security standards.

Data Protection

We utilize Amazon RDS and DynamoDB encrypted database instances to safeguard your data. Continuous database backups ensure that your valuable data remains protected and recoverable. Additionally, all logs, backups, and snapshots are encrypted to prevent unauthorized access and ensure data integrity. We retain backups for 35 days and logs for 30 days, ensuring your data is both secure and recoverable over time.

Access to Data

Access to data is strictly limited to a select group of Spacebring employees. Only authorized personnel have access to the servers where data is stored, ensuring that your information remains confidential and secure. We employ rigorous access controls and audit logs to monitor and manage data access.

PCI Obligations

Spacebring partners with trusted payment processors to handle all payment transactions. We do not store credit card details or other sensitive payment information on Spacebring servers, aligning with PCI DSS compliance at the SAQ A level and ensuring that your payment information is handled with the utmost security.

Uptime

Check our past month's stats at https://status.spacebring.com/.

Data Processing

General Data Protection Regulation (GDPR) Compliance

We adhere to the General Data Protection Regulation 2016/679 (GDPR), which sets the standard for data protection and privacy for individuals within the European Union. Our commitment to GDPR compliance includes:

  • Data Processing Agreement: We offer a comprehensive Data Processing Agreement (DPA) for all our customers, outlining our obligations and responsibilities in processing personal data.
  • Data Protection Officer: Spacebring has appointed a Data Protection Officer (DPO) who is responsible for overseeing our data protection strategy and ensuring compliance with GDPR and other applicable data protection laws.

Continuous Monitoring and Early Detection

To safeguard our systems and user data, Spacebring employs continuous monitoring of user and server activity. This proactive approach enables us to detect and respond to suspicious activity early, ensuring the security and integrity of our data processing environment.

  • User Activity Monitoring: Regular monitoring of user activities to identify any unusual or unauthorized access attempts.
  • Server Activity Monitoring: Continuous surveillance of server operations to detect potential vulnerabilities or breaches.
  • Incident Response: A robust incident response plan to address and mitigate any security incidents promptly.

Vulnerability Scanning

Spacebring uses multiple vulnerability monitoring techniques including code-level scanning, dependency scanning, and security reviews to identify and remediate vulnerabilities.

Vulnerabilities are prioritized based on severity and risk, and are remediated according to the following schedule:

  • Critical: 15 Days
  • High: 30 Days
  • Medium: 90 Days
  • Low: 180 Days

Internal Security Measures

Organizational Security

Our Spacebring Information Security Policy applies universally across the organization and is mandatory for all employees, contractors, and any individuals involved in our business processes. Key aspects of our organizational security include:

  • Regular Access Audits: We perform frequent access audits to ensure that only authorized personnel have access to sensitive information and systems.
  • Password Management: We enforce regular password updates and adherence to strong password policies to prevent unauthorized access.
  • Principle of Least Privilege: We operate on the principle of least privilege, ensuring that employees only have access to the information and resources necessary for their roles.
  • Confidentiality Obligations: All employees are bound by strict confidentiality agreements. Failure to adhere to these obligations can result in disciplinary actions, including termination.

Employee Vetting

To maintain a secure work environment, Spacebring conducts comprehensive background checks on all new hires, contractors, and other individuals who will have access to our systems, networks, or physical data center facilities. These checks are conducted in accordance with local laws and regulations to ensure the reliability and integrity of our personnel.

Third-Party & Supplier Security

We understand the importance of securing our supply chain and the third parties we work with. Spacebring employs robust vendor risk management practices to ensure that all third-party partners and suppliers meet our stringent security standards. This includes:

  • Vendor Assessment: Regular assessments and audits of third-party vendors to ensure compliance with our security requirements.
  • Security Controls: Verification that third parties maintain the expected levels of security controls to protect our data and systems.
  • Transparency: For detailed information about our third-party partners, please refer to our List of Sub-processors.

To learn more about our corporate security guidelines, please refer to our handbook.

Contact Us

At Spacebring, we are committed to continuous improvement in our security practices. We regularly review and update our security protocols to adapt to evolving threats and maintain our commitment to protecting your data.

For any security-related inquiries or concerns, please contact our team at support@spacebring.com.