Security Overview
At AutoInSync, security isn't a feature—it's the foundation of everything we build. We employ industry-standard safeguards to protect your professional workforce data.
Data Encryption
In Transit: All data sent to or from AutoInSync is encrypted in transit using 256-bit encryption via TLS 1.3. We enforce HTTPS across our entire platform to prevent man-in-the-middle attacks.
At Rest: Our data is stored using AES-256 encryption at the storage layer. This ensures that even in the event of physical hardware theft, your certification records remain unreadable.
Identity & Access
We leverage Auth0 (Okta) for all identity management. This means your passwords are never stored on our servers. Auth0 provides enterprise-grade features including:
- Multi-Factor Authentication (MFA) support.
- Brute-force protection and anomaly detection.
- Secure session management and token-based authentication.
Infrastructure
Cloudflare Protection: Our application is shielded by Cloudflare’s Web Application Firewall (WAF), mitigating DDoS attacks and SQL injection attempts before they reach our core systems.
Monitoring & Availability: We use Sentry for real-time error tracking and maintain a public Status Page. Our infrastructure is designed for high availability to ensure your compliance records are accessible 24/7.
Sub-processor Compliance
| Partner | Encryption Standard | Certifications |
|---|---|---|
| Auth0 (Identity) | AES-256 GCM | SOC2, HIPAA, ISO |
| Stripe (Payments) | AES-256 (At Rest) | PCI-DSS Level 1 |
| Cloudflare (Security) | TLS 1.3 / AES-256 | SOC3, GDPR, FIPS |
| SendGrid (Email) | Opportunistic TLS | ISO 27001 |
