Data Security & Privacy

We take security absolutely serious.

Security Hero Image

Our Data Security Processes

We implement industry best practices.

Password Policy

Every password is a minimum of 12 characters with 1 (or more) digits, 1 (or more) symbol, 1 (or more) upper case letter, and 1 (or more) lower case letter.

Cloud Best Practices

We store data in Amazon Web Services (AWS) - generally S3 and RDS instances - following all recommended encryption and security standards.

Data In-Transit

All data in transit is encrypted via Transport Layer Security (TLS).

Data At-Rest

All data at rest is protected with server-side encryption (e.g., S3 bucket encryption).

Application Credentials

Application credentials are rotated every seven (7) days using Amazon Secrets Manager.

Identity & Access Management

AWS IAM roles and policies are used to enforce "least privileges access" and "zero trust" policies.

Virtual Private Cloud (VPC)

All data is processed within an AWS VPC providing secured and monitored connections, screened traffic, and restricted instance access.

Certificate Management

We use AWS Certificate Manager (ACM) to securely and automatically manage the entire certificate life-cycle.

Key Management

We use AWS Key Management Service (KMS) to securely and automatically manage our encryption keys.

Monitoring & Auditing

We use AWS CloudTrail and CloudWatch to monitor and audit our entire data protection infrastructure.

FAQs

Frequently Asked Questions

Do you have a privacy policy?

Yes, you can access it here.

How long do you store data?

Your data is stored so long as you're a customer of symphonie. If you close your account, all your data is purged within 24-hours.

Do you store Personally Identifying Information (PII)?

If you choose to use certain components of our platform, we may by necessity store PII. For example, our integration between Amazon Vendor Central and your 3PL that enables automated management of Purchase Orders (POs) may by necessity include PII.All PII is protected using industry best practices.

Do you only use AWS?

Today we primarily use AWS for all our cloud-based infrastructure. For specialized use cases, we may use Google Cloud as an alternative to AWS. When we do so, we use the equivalent Google Cloud security best practices and technology.

What technologies manage your infrastructure?

We use Terraform to implement an Infrastructure as Code (IaC) environment. This enables us to efficiently, quickly and scalably manage all our infrastructure (e.g., KMS, ACM, S3, RDS) with minimal risk of human error.In short, IaC enables us to implement and maintain industry best practices for data security by minimizing manual steps.

Have questions?

Feel free to contact us using the form below.We're here to help!