Security and Integrity

All your data is stored in Amazon Web Services (AWS) in the United States, specifically in the us-east-1 region with distribution in multiple availability zones. We use Ubuntu servers with AWS Graviton architecture. We do not maintain physical servers in our own facilities.

We apply encryption at all layers. Communications use TLS 1.2 and 1.3 with 2048 bit keys. Stored data is protected with AES-256. Passwords are never stored in plain text, we always use secure hash algorithms.

As an active customer you can export your information at any time. If you cancel, we keep your data for 90 days in case you change your mind. After that period, it is deleted from our production databases. You can also request early deletion in writing.

We implement role-based access control (RBAC). Only authorized personnel according to their role can access production data. Permissions are automatically reviewed daily and manually every 6 months. Our entire team signs confidentiality agreements.

We guarantee availability between 99.95% and 100%. We operate with N+1 redundancy in all critical components: servers, database and storage. If any component fails, another one automatically takes over without affecting your operation.

We maintain multiple layers of backup: real-time database replication, daily backups with 7-day retention, and Amazon S3 file storage distributed across multiple zones. Everything is designed for rapid recovery to any eventuality.

Yes, continuously. Every code update goes through security analysis before it goes to production.

We have an incident response team. If something happens that affects your information, we contact you directly by mail or phone. We let you know what happened, the extent of the impact and the actions we are taking. We maintain communication until the incident is completely resolved.