Security, Privacy, and Compliance

Last updated 27 days ago

Cryptlex is committed to ensuring that your privacy and the data you share with us is protected. When you license your software applications using Cryptlex, you are entrusting Cryptlex with critical and sensitive data about your business and about your customers. We use best industrial practices to secure and protect the important business data you store within Cryptlex.

Shared responsibility

As a Cryptlex customer you are part of the team that keeps your data safe. You are responsible for implementing strong security measures, offered by Cryptlex, for properly managing access to your Cryptlex account and resources.

Cryptlex offers fine-grained role based access control, which can be used to limit the access to your account. It also provides two-factor authentication, which should be enabled to give your account an extra layer of security.

Certifications

Cryptlex maintains a number of certifications to further strengthen our trust with customers. These include:

EU/US Privacy Shield

Under process.

EU GDPR

Cryptlex is compliant with the EU General Data Protection Regulation (EU GDPR). Please see our Privacy Policy for details on how EU GDPR is relevant for businesses using Cryptlex.

PCI DSS

Cryptlex's payment and credit card information is handled by Stripe, which is a certified PCI Level 1 Service Provider, the most stringent level of certification available in the payments industry. Cryptlex does not typically receive credit card data, making it compliant with PCI DSS in most situations.

ISO 27001, ISO 27017, ISO 27018

Cryptlex datacenters are compliant with ISO 27001, ISO 27017 and ISO 27018 certifications. These internationally accepted security standards cover the systems, applications, people, technology, policies, procedures and datacenters serving customers. Our hosting provider, Heroku, has achieved all three of these certificates. Heroku's ISO 27001 covers the Heroku security management controls. The ISO 27017 certification covers cloud security specifically for cloud service providers. ISO 27018 governs protection of personally identifiable information in public cloud services.

SOC2 Type I

Cryptlex datacenters are compliant with SOC 2 certification. Our hosting provider, Heroku, has achieved SOC 2 certification. This audit includes the examination of the fairness of presentation and the suitability of the design of controls relevant to security, availability, and confidentiality of the information processed by the Heroku.

Cryptlex security features

Cryptlex has a number of basic and advanced features that help us keep your data secure and our services highly available.

Basic features

Cryptlex offers basic security features for your accounts, including:

  • Account-level two-factor authentication

  • Transport security via TLS/SSL for all incoming and outgoing network traffic (HTTPS)

  • Fine grained role-based access control to limit the access to your account and resources

  • Audit logs to allow you to view the details of every user action

Advanced features

Additional features to protect and secure your data such as:

  • Best in class, secure, battle-tested and DDoS protected infrastructure

  • Postgres (database) encryption at rest

  • Postgres (database) transport security via TLS/SSL

  • Postgres (database) logical and physical backups and rollback

  • Postgres (database) auto-rotation of credentials

  • Two-factor authentication enabled for all cloud hosting providers

  • Only authorised personnel have access to data with two-factor authentication being mandatory