Security

SOC2 Type II, GDPR

Supered is SOC2 Type II certified and GDPR compliant. Third party auditors verify our security practices annually, including penetration testing. Our security reports are available in our Trust Center, including our SOC2 Type II report with zero exceptions.

Built on Amazon Web Services and Fly

Our application is built on AWS and Fly.io. We benefit from their data center and system development practices. We leverage AWS best practices to ensure that our systems are secure from the outside-world. Fly.io provides secure and scalable infrastructure that lets us focus on serving you.

Transfer between infrastructure providers is done exclusively via private networking. We do not expose databases or other infrastructure to the public web.

AWS maintains an audited security program, as well as physical, environmental, and infrastructure security protections. Business continuity and disaster recovery plans have been independently validated as part of their SOC 2 Type II and ISO 27001 certifications.

Fly.io maintains a SOC 2 Type II audit as well as their own documented security program.

We protect your data.

In addition to normal means of encrypting data at rest, we ensure your integration keys are encrypted using an additional encryption layer. We leverage AWS database backups to ensure we keep your data intact.

Your data are sent using HTTPS.

Whenever your data are in transit between you and us, everything is encrypted, and sent using HTTPS. Within our firewalled private networks, data may be transferred unencrypted.

Any files which you upload to us are stored and are encrypted at rest. Our SQL databases and backups are also encrypted at rest using AWS. The information you add to the applications is active in our databases and subject to the same protection and monitoring as the rest of our systems.

Regularly-updated infrastructure.

Our software infrastructure is updated regularly with the latest security patches. Our products run on AWS networking infrastructure, which enables firewall and application security. Our products additionally run on Fly’s infrastructure, where updates are automatically applied.

Logical Tenant Separation.

Supered provides a highly scalable, multi-tenant SaaS solution. The Supered user interface and APIs restrict access to authorized content exclusively. Information is made available via the user interface or APIs to be produced for a specific Supered instance, without the risk of cross-instance access or data pollution. We enforce tenant protection on all database queries.

We protect your billing information.

We use Stripe to process your billing information. Card information is transmitted, stored, and processed securely on Stripe’s PCI-Compliant network.

Have a concern? Need to report an incident?

Have you noticed abuse, misuse, an exploit, or experienced an incident with your account? Please contact us to submit a report.