Security

​

Security Overview

​

Infrastructure & Data Security

​

Cloud Infrastructure

• Encryption at Rest: All data is encrypted using AES-256 encryption
• Encryption in Transit: All data transmission uses TLS 1.2 or higher
• DDoS Protection: AWS Shield provides automatic protection against distributed denial-of-service attacks

​

Multi-Tenant Data Isolation

• Logical Isolation: Our platform uses an actor-based authorization pattern to enforce tenant boundaries at the application level
• API Authorization: Every API request validates tenant context before accessing data
• Connection Isolation: Each telematics provider connection is isolated and scoped to a single customer

​

Data Retention & Deletion

• Configurable Retention: Data retention periods can be configured based on your requirements
• Secure Deletion: When data is deleted, it is securely removed from all storage systems
• Backup Security: Encrypted backups are maintained for disaster recovery with the same security controls as production data

​

Access Controls

​

Authentication & Authorization

• Single Sign-On (SSO): Support for SAML 2.0 SSO integration with your identity provider
• Multi-Factor Authentication (MFA): Optional MFA for additional account security
• Role-Based Access Control (RBAC): Granular permissions to control who can access what data and perform which actions
• API Key Management: Secure API key generation, rotation, and revocation capabilities

​

Least Privilege Access

• Just-In-Time Access: Engineers request temporary access for specific troubleshooting needs
• Access Logging: All access to production systems is logged and monitored
• Regular Access Reviews: Periodic reviews ensure access rights remain appropriate

​

Monitoring & Logging

​

Security Monitoring

• Real-Time Alerting: Automated alerts for suspicious activities and security events
• Infrastructure Monitoring: Continuous monitoring of system health and security metrics
• Audit Logging: Comprehensive logs of API requests, authentication events, and administrative actions
• Log Retention: Security logs are retained for compliance and forensic analysis

​

Vulnerability Management

• Automated Scanning: Continuous vulnerability scanning of dependencies and infrastructure
• Patch Management: Timely application of security patches and updates
• Penetration Testing: Regular security assessments by third-party security experts

​

Secure Development Practices

​

Development Lifecycle

• Code Reviews: All code changes require peer review before deployment
• Automated Testing: Comprehensive test suites validate functionality and security
• Static Analysis: Automated tools scan code for security vulnerabilities
• Continuous Integration: Automated CI/CD pipelines enforce security checks before deployment

​

Dependency Management

• Dependency Scanning: Automated scanning for known vulnerabilities in third-party libraries
• Regular Updates: Proactive updates to maintain secure, up-to-date dependencies
• License Compliance: Monitoring of open-source licenses for compliance

​

Incident Response

• 24/7 Monitoring: Continuous monitoring enables rapid detection of potential incidents
• Incident Response Team: Dedicated team trained in security incident response
• Communication Plan: Clear protocols for customer notification in the event of a security incident
• Post-Incident Review: Thorough analysis and remediation after any security event

​

Data Privacy

​

Privacy Commitment

• Data Minimization: Each customer tenant is configured based on the specific data they need. We only pull the data requested from customer telematics accounts
• Purpose Limitation: Data is used only for the purposes you authorize
• Customer Data Ownership: You retain ownership and control of your data
• Third-Party Access: We do not share your data with third parties except as necessary to provide our services or as required by law

​

Compliance

​

Security Contact