Security

Last updated April 2019

Soulpicks fully commits to the privacy and security of your data. Our goal is to deliver an excellent app experience while respecting your privacy and while keeping your data both private and secure. Our approach is security by design. This means that security is an integral part of our software development process and that it is taken into account for each feature, instead of applying it afterward. Below you find an overview of the security measures we take to protect your data.

We continue to expand and update this information as we make improvements to our apps, architecture, and environments.

Secure environment

We host all our data at Amazon Web Services (AWS), an industry-standard cloud provider trusted by many, and we use serverless technologies. AWS offers enterprise-grade security for all its services, and its infrastructure meets dozens of compliance programs. AWS also assures that all components, such as web servers, application servers, database, and file systems are always up and running. Moreover, these components cannot be accessed directly, are always up to date with the latest security patches and have limited permissions so they can only access the resources they need. We secure access to the AWS environment with role-based access control, multi-factor authentication and strong passwords, protected by password managers.

Encryption everywhere

We transmit our data over networks using strong encryption. This encryption also includes data transmitted between the apps and the secure environment, and data transmitted within the cloud. Soulpicks supports the latest recommended secure cipher suites to encrypt all data traffic, including the use of TLS 1.2 protocols, AES256 encryption, and SHA2 signatures. We encrypt all pictures with a unique key employing strong multi-factor encryption. As an additional safeguard, the key itself is encrypted with a master key that is regularly rotated. Your data, stored in a secure database, is also fully encrypted using the same level of encryption.

Authentication

We use passwordless authentication which means that you do not need to remember a password to log in. Not only does this improve the user experience, but it also eliminates the risk of unauthorized access in case the same password is used across multiple websites or apps. Soulpicks uses Auth0, a specialized authentication and security partner, which offers OIDC-conformant passwordless authentication. This type of authentication means that Auth0 issues, validates and stores all security tokens, and therefore, we do not store these in our systems.

Isolated environments

We entirely separate production data and make it inaccessible to Soulpicks employees by default. We consider your data private and do not permit other users to access it unless you explicitly choose otherwise.

Privacy and compliance

Please read ourPrivacy Policyto understand for which purpose we collect personal data.