We encrypt all data transmitted to or from our applications using TLS 1.2 and store sensitive information in encrypted form using a unique key. We engage independent security experts to audit our code and test our applications for vulnerabilities.
We follow best practices for protecting your customers’ accounts, with passwords hashed and salted using bcrypt, TOTP-compliant two-factor authentication, and suspicious activity alerts.
All employees undergo in-depth background checks before joining the team, and our in-house privacy and security experts regularly audit compliance with policies and procedures. All employee laptops have mandatory full-disk encryption, and we strictly limit and audit access to customer data.
Our infrastructure service providers, such as Amazon Web Services, have achieved SSAE 16 and ISO 27001 compliance and meet rigorous standards for protecting the networks and servers powering Identity.com. Our infrastructure is isolated in a virtual private cloud as an additional layer of security.
Our infrastructure is independently monitored 24/7 from 60+ locations around the globe for any signs of downtime or service degradation.
We deploy our applications and databases across multiple availability zones for automatic failover and send frequent backups in encrypted form to an offsite location.
Our engineering team uses a continuous delivery methodology for application development and deployment, which lets us deliver frequent updates while minimizing the need for maintenance windows with downtime.
Identity.com is a scalable, highly available, fault-tolerant cloud web service, leveraging best-of-breed infrastructure providers to optimize global availability and performance.