We comply with global data protection and security frameworks and undergo routine audits to receive updated certifications.
1. Secure infrastructure provider
We are hosted on the same reliable & scalable infrastructure that is used to power Amazon.com and other large enterprises. AWS facilities are protected by a number of security features such as backup power, fire suppression, HVAC systems, 24/7 on-site security, security feeds, intrusion detection technology, and more.
2. Data encryption in transit & at rest
Data sent to or from Tydy uses high-grade TLS 1.2 (https) technology. This is industry standard technology, used by all tech giants and financial institutions. And at rest, data is encrypted using AES-256 key encryption.
3. Automated data redundancy and data backup
Tydy’s infrastructure has been designed to be fault tolerant. All databases operate in a cluster configuration and the application tier scales using load balancing technology that dynamically meets demand.
Our data centers backup data at least once a day and it is fully restorable within a reasonable time in the unlikely event of a problem.
4. Strict access controls
Access to all Tydy systems is managed through our identity provider, which automates user provisioning, enforces 2-Factor Authentication, and logs all activity.
When choosing a new password, we help customers pick strong passwords that have not been exposed in security breaches on other websites.
5. Server security and monitoring
All servers are configured using security guidelines, and images are managed centrally. Changes to the company’s infrastructure are tracked, and security events are logged appropriately.
The cloud operates 44 Availability Zones within 16 geographic regions around the world, and is expanding constantly.
At Tydy, while security is everyone’s responsibility, our developers and engineers are our most important gatekeepers.
1. Penetration testing and App Monitoring
Our engineers regularly run internal penetration tests and all app access is logged and audited. A Web App Firewall (WAF) and Runtime App Self Protection Agent (RASP) keeps our systems protected at all times. In addition, 3rd party penetration tests are conducted by global agencies to verify security of the platform.
2. Development and change management process
Code development is done through a documented SDLC process, and every change is tracked via GitHub. Automated controls ensure changes are peer-reviewed and pass a series of tests before being deployed to production.
3. Third-party vendor security
We carefuly vet all third-party apps and providers to make sure that they meet our data protection standards before using them. All vendors must sign an NDA before getting access to our systems.
We expect the highest standards of ethics and integrity from our people.
1. Security policies
Tydy maintains a set of comprehensive security policies that are kept up to date to meet the changing security environment.
2. Onboarding process
As you could imagine, we spend a lot of time obsessing about our onboarding :) Every new hire at Tydy must pass a thorough background check. These checks are also required to be completed for contractors. All new hires are required to sign Non-Disclosure and Confidentiality agreements.
3. Security training
Tydy employees attend a Security Awareness Training, which is given upon hire and annually thereafter. All engineers receive annual Secure Code Training.
Departing employees access to devices and apps are switched off instantly during their offboarding process.