Security Policy
Security Policy
We do not sell or share your personal information with unaffiliated third parties for their advertising or marketing purposes without your explicit consent. For more details, please refer to our Privacy Policy.
​
Cloud Infrastructure
​
TraCarta’s solutions are hosted on a Virtual Private Cloud (VPC) via Amazon Web Services (AWS), providing a secure and scalable platform to ensure reliable and safe services.
​​
Perimeter Security
We implement a Defense in Depth Architecture that includes a network firewall, web application firewall, DDoS protection, and a content delivery network (CDN). Our infrastructure adheres to the AWS Well-Architected Framework and incorporates security practices from the AWS Cloud Adoption Framework. We utilize a 3-Tier Architecture that follows best practices from recognized standards and certifications. Our network is strictly segmented and environments are isolated for enhanced security.
Host Security
We leverage industry-leading tools for antivirus, anti-malware, intrusion prevention and detection systems, file integrity monitoring, application control, log aggregation, and automated patching to secure our hosts.
​​
Data Security
We ensure data security by separating environments and enforcing segregation of duties with strict role-based access control, documented and authorized on a need-to-use basis. Access to data is restricted using key management services, with stored data encrypted at rest and sensitive data protected by application-level encryption. We ensure data resiliency through replication, durability via snapshotting, and reliability through backup and restore testing.
Incident and Change Management
​
Our mature Change Management processes allow us to roll out thoroughly tested features securely and reliably, enhancing your TraCarta experience. We take a proactive approach to Incident Management, with a Network Operations Center (NOC) and an Information Security Management System (ISMS) in place to quickly respond, remediate, or escalate incidents, whether due to planned or unplanned changes.
​​
Vulnerability Assessment and Penetration Testing
We integrate both static and dynamic application security testing into our continuous integration/continuous deployment (CI/CD) pipeline to ensure a secure product lifecycle.
​
Responsible Disclosure
At TraCarta, we are deeply committed to safeguarding our customers' data and privacy. We employ advanced security measures at multiple stages of our product development to defend against a range of attacks, from basic vulnerabilities to sophisticated threats. If you are a security researcher and have identified a potential security vulnerability in TraCarta’s products, we encourage you to report it responsibly. Please submit a detailed bug report to us at connect@tracarta.com with the necessary steps to reproduce the issue. We are committed to investigating and addressing legitimate concerns promptly, and we kindly request that you refrain from public disclosure while we resolve the issue.
Let's Connect
Reach out to discuss your needs or discover more about our tailored solutions.