Current is built using a modern, enterprise-level technology stack in order to keep your data secure.
Current takes security very seriously. We understand that we’re storing image, videos, and links of your company’s intellectual property and are committed to keeping it private and safe. Current encrypts data at rest and in-transit.
SOC 2 Type 2
Current is SOC 2 Type 2 compliant. If you would like to see a copy of our report please reach out at email@example.com
We have conducted a third-party penetration test, if you would like to see the report, please reach out at firstname.lastname@example.org.
Cloud Application Security Assessment
Current has successfully completed a Cloud Application Security Assessment (CASA), validating Current has satisfied CASA application security requirements. If you're like to see the report, please reach out at email@example.com.
Current is built primarily using AWS (Amazon Web Services) to ensure we have scaleable, fast, and secure staging, and production environments.
Current’s Security Features
Current encrypts your data aligning with industry-tested and accepted standards. We use TLS 1.2 to encrypt network traffic between users' browsers and the Current platform. We also use AES-256 bit encryption to secure your data stored at rest.
Single Sign On (SSO)
We use Google OAuth 2.0 for Authentication meaning we don't store any user passwords. Additionally we only ask for the minimum amount of permissions necessary to effectively use Current.
In addition to Google OAuth 2.0, we offer customers the ability to configure a SAML Identity Provider and have a feature to enforce SAML sign in.
Incident response plan
In the event of a data leak or security vulnerability, we have pre-defined escalation plans internally to triage the problem to the right team, communicate with customers, and resolve the issue.
Software Development Lifecycle (SDLC)
All code changes are reviewed by teammates in order to ensure quality of our software, and integrity of our security.
Current uses automated scanning tools to monitor our infrastructure and warn us about potential vulnerabilities.
Employees are required to use multi-factor-authentication (MFA) where possible for services we use to manage, develop, and deliver Current. Access to production environments is only granted on an as-needed basis. We have logging throughout our staging and production environments to track when employees access or make changes.
All employees are required to complete regular data privacy and security training.
Security Questions or Issues
If you believe you may have identified an issue with Current’s security or have any questions, please email us at firstname.lastname@example.org