Security

Current is built using a modern, enterprise-level technology stack in order to keep your data secure.


Security commitment

Current takes security very seriously. We understand that we’re storing image, videos, and links of your company’s intellectual property and are committed to keeping it private and safe. Current encrypts data at rest and in-transit.


Infrastructure

Current is built primarily using AWS (Amazon Web Services) to ensure we have scaleable, fast, and secure staging, and production environments.


Current’s Security Features

Data Encryption

Current encrypts your data aligning with industry-tested and accepted standards. We use TLS 1.2 to encrypt network traffic between users' browsers and the Notion platform. We also use AES-256 bit encryption to secure your data stored at rest.

Single Sign On (SSO)

We use Google OAuth 2.0 for Authentication meaning we don't store any user passwords. Additionally we only ask for the minimum amount of permissions necessary to effectively use Current.

SAML SSO

In addition to Google OAuth 2.0, we offer customers the ability to configure a SAML Identity Provider and have a feature to enforce SAML sign in.

Incident response plan

In the event of a data leak or security vulnerability, we have pre-defined escalation plans internally to triage the problem to the right team, communicate with customers, and resolve the issue.

Software Development Lifecycle (SDLC)

All code changes are reviewed by teammates in order to ensure quality of our software, and integrity of our security.

Vulnerabilities

Current uses automated scanning tools to monitor our infrastructure and warn us about potential vulnerabilities.


Compliance

SOC-2

Current is in the process of preparing for a SOC-2 type 1 audit to demonstrate our initial commitment to security. Following our Audit, we plan to undergo a 1 year observation window in which we demonstrate our continued compliance.


Corporate Security

Employees are required to use multi-factor-authentication (MFA) where possible for services we use to manage, develop, and deliver Current. Access to production environments is granted only granted on an as-needed basis. We have logging throughout our staging and production environments to track when employees access or make changes.

All employees are required to complete regular data privacy and security training.


Security Questions or Issues

If you believe you may have identified an issue with Current’s security or have any questions, please email us at security@current.so