Highlights from our SaaS Security Policy. We protect your data and our platform with clear roles, access controls, encryption, and incident response.
Our security policy provides the framework for secure operation, management, and use of our SaaS application—protecting your data, our intellectual property, and service reliability.
Security is a shared responsibility. Clear roles ensure the right people are accountable and have authority to manage different aspects of our application security.
Every user has a unique ID and must authenticate with strong passwords. Access is role-based with minimum privilege, plus 2FA and session management where applicable.
Data on AWS RDS is encrypted at rest and in transit. Backups are encrypted and automated; retention and deletion follow business and legal requirements.
We have a defined process to identify, report, classify, and respond to security incidents—with clear communication to stakeholders and post-incident analysis to improve.
Django runs in Docker on AWS EC2 and RDS. We use a WAF at the edge, GitHub for code and CI/CD, and strict environment segregation with least privilege.
We follow OWASP-aligned secure coding, Django's built-in protections (CSRF, XSS, SQL injection, clickjacking), HTTPS/HSTS, strong password hashing, and regular patching and testing.