To provide greater transparency and clarity, let's delve into more specific details regarding our security posture:
User and usage data that hoggo collects through its software is stored in Germany, European Union (EU) on the Amazon Web Services infrastructure. Access to the AWS infrastructure is limited to hoggo team members on a need-to-know basis. Our application and database servers run inside an Amazon Virtual Private Cloud (VPC). Backend databases are encrypted at REST and run in a private part of the VPC and thus not directly exposed to the internet. Only systems with a direct technical need are exposed to the public (e.g. frontend web servers, load balancers, and other systems, which directly serve customer traffic).
hoggo transmits data from the user's browser to our system only using secure protocols (e.g. HTTPS).
We understand that identity and access management (IAM) is a top priority for every business. That's why we chose Auth0, a leading platform that offers a suite of powerful security features to safeguard your digital identity, thus protecting application and user data.
Auth0 follows industry best practices, implementing standards such as OAuth 2.0 and OpenID Connect, ensuring that your application's authentication adheres to the highest security standards. Offering advanced features like passwordless logins, multi-factor authentication (MFA) and anomaly detection Auth0 can provide an extra layer of protection against unauthorized access.
AWS Identity and Access Management (IAM) plays a crucial role in managing access to AWS services, and it facilitates the use of short-lived credentials through features like IAM roles and temporary security credentials.
Only hoggo engineers who require permissions to perform their job are given access (least privilege principle). Engineers who do have access, have their own credentials and every access attempt gets monitored and irrevocably logged.
We periodically conduct full database backups, stored on Amazon Cloud Storage (AWS S3) and kept for at least seven days.
We understand that Business continuity and high availability are essential for our users as they ensure uninterrupted access to services, minimize downtime, and contribute to data integrity.
By leveraging self-healing AWS PaaS (Platform-as-a-Service) services under the shared responsibility model, hoggo and its users benefit from AWS-managed automation for self healing, fault tolerance through multiple Availability Zones and/or Regions, and scalability with load balancing and automatic scaling. While AWS takes care of the infrastructure-level aspects, hoggo is responsible for optimizing its applications to fully utilize these features, ensuring a resilient and highly available environment. There is active monitoring and alarming in place for both the application and the infrastructure of hoggo.
Our Infrastructure is currently hosted on Amazon AWS. AWS is ISO27001 and SOC2 certified, which ensures an additional layer of credibility and security.
You can read more about AWS ISO-27001 Certification here (https://aws.amazon.com/compliance/iso-27001-faqs/) and more about AWS SOC2 third-party audit reports here (https://aws.amazon.com/compliance/soc-faqs/).
Our commitment to keeping your data secure started since the first day of hoggo’s existence and extends across every facet of hoggo – from our employees and trusted contractors to our reliable vendors and digital contributors integrated into our broader network.
We also conduct an annual security check-up to ensure the efficacy of our defensive measures.
Our Chief Technological Officer (CTO) is in charge of keeping our digital realm secure. Should you have any questions or concerns, please feel free to reach out to him via email at: firstname.lastname@example.org
As the digital world develops, we may need to update our security measures from time to time.
Should we need to, we will make sure to share them with you here. We will also make sure that any such potential updates or changes to our security measures will ensure either an equivalent or enhanced level of security.