Cryptlex is committed to ensuring that your privacy and the data you share with us is protected. When you license your software applications using Cryptlex, you are entrusting Cryptlex with critical and sensitive data about your business and about your customers. We use best industrial practices to secure and protect the important business data you store within Cryptlex.
As a Cryptlex customer you are part of the team that keeps your data safe. You are responsible for implementing strong security measures, offered by Cryptlex, for properly managing access to your Cryptlex account and resources.
Cryptlex offers fine-grained role based access control, which can be used to limit the access to your account. It also provides two-factor authentication, which should be enabled to give your account an extra layer of security.
Cryptlex maintains a number of certifications to further strengthen our trust with customers. These include:
Cryptlex's payment and credit card information is handled by Stripe, which is a certified PCI Level 1 Service Provider, the most stringent level of certification available in the payments industry. Cryptlex does not typically receive credit card data, making it compliant with PCI DSS in most situations.
Cryptlex datacenters are compliant with ISO 27001, ISO 27017 and ISO 27018 certifications. These internationally accepted security standards cover the systems, applications, people, technology, policies, procedures and datacenters serving customers. Our hosting provider, Heroku, has achieved all three of these certificates. Heroku's ISO 27001 covers the Heroku security management controls. The ISO 27017 certification covers cloud security specifically for cloud service providers. ISO 27018 governs protection of personally identifiable information in public cloud services.
Cryptlex datacenters are compliant with SOC 2 certification. Our hosting provider, Heroku, has achieved SOC 2 certification. This audit includes the examination of the fairness of presentation and the suitability of the design of controls relevant to security, availability, and confidentiality of the information processed by the Heroku.
Cryptlex has a number of basic and advanced features that help us keep your data secure and our services highly available.
Cryptlex offers basic security features for your accounts, including:
Account-level two-factor authentication
Transport security via TLS/SSL for all incoming and outgoing network traffic (HTTPS)
Fine grained role-based access control to limit the access to your account and resources
Audit logs to allow you to view the details of every user action
Additional features to protect and secure your data such as:
Best in class, secure, battle-tested and DDoS protected infrastructure
Postgres (database) encryption at rest
Postgres (database) transport security via TLS/SSL
Postgres (database) logical and physical backups and rollback
Postgres (database) auto-rotation of credentials
Two-factor authentication enabled for all cloud hosting providers
Only authorised personnel have access to data with two-factor authentication being mandatory