Data Security

Introduction

At Stichh, we prioritize the security and privacy of your data. Our mobile-first communication and collaboration platform is built with robust security measures to ensure your information remains secure. This document outlines the data security capabilities of Stichh, detailing the measures we have in place to protect your data.

Data Security Capabilities

1. Authentication and Identity Management

AWS Cognito: We use AWS Cognito to manage user authentication and authorization. AWS Cognito provides secure user sign-up, sign-in, and access control, ensuring that only authorized users can access your data. It supports multi-factor authentication (MFA) and integrates seamlessly with other AWS services for enhanced security.

2. Data Encryption

Encryption of Data in Transit: All data transmitted between our servers and your devices is encrypted using Transport Layer Security (TLS) protocols. This ensures that data is protected from eavesdropping, tampering, and forgery during transmission.

Encryption of Data at Rest: Data stored on our servers, including databases, backups, and other storage media, is encrypted at rest using AES-256, an industry-standard encryption algorithm.

AWS Key Management Service (KMS): AWS KMS is used for managing cryptographic keys. It provides secure key storage and management, ensuring that encryption keys are protected with hardware security modules (HSMs) and access to keys is tightly controlled.

3. Data Tokenization

Tokenization: We implement tokenization to protect sensitive data. Tokenization replaces sensitive data with unique identification symbols (tokens) that retain all the essential information about the data without compromising its security. Tokens can be mapped back to the original data only by authorized systems with the necessary permissions.

4. Access Control

Role-Based Access Control (RBAC): Stichh uses RBAC to ensure that users have the minimum level of access necessary to perform their functions. Access permissions are granted based on roles assigned to users, reducing the risk of unauthorized access to sensitive data.

Fine-Grained Access Control: In addition to RBAC, we implement fine-grained access control to manage access to specific resources and actions. This allows us to define detailed access policies that enforce strict access control measures across our platform.

5. Monitoring and Logging

AWS CloudTrail: We use AWS CloudTrail to log and monitor all API calls and actions taken within our platform. This provides an audit trail of user activity, helping us detect and respond to security incidents promptly.

Amazon CloudWatch: Amazon CloudWatch is used for real-time monitoring and alerting. It provides insights into system performance and security, allowing us to take proactive measures to mitigate potential threats.

6. Compliance and Certifications

AWS Compliance Programs: Stichh leverages AWS’s compliance programs, including SOC 1, SOC 2, SOC 3, and ISO 27001, to ensure our platform meets stringent security and compliance standards. This means our customers can rely on us to handle their data in accordance with industry best practices.

7. Data Privacy

Data Privacy Commitment: We are committed to ensuring the privacy of our users' data. Our data handling practices are designed to protect your personal information and provide transparency and control over how your data is used.

8. Incident Response

Incident Response Plan: Stichh has a comprehensive incident response plan in place to address potential security incidents. This includes procedures for identifying, containing, eradicating, and recovering from security breaches. Our team is trained to respond swiftly to minimize the impact of any security incident.

Conclusion

Stichh is dedicated to providing a secure platform for communication and collaboration. By leveraging advanced AWS services and implementing robust security measures, we ensure that your data is protected at all times. We continuously monitor and improve our security practices to stay ahead of potential threats and provide you with a safe and reliable platform.