Your data security is our highest priority. Learn about our comprehensive security practices and commitments.
Last Updated: June 01, 2024

Security is fundamental to SortSwift. We are committed to protecting the confidentiality, integrity, and availability of our users' data. We implement industry-leading security practices, maintain rigorous compliance standards, and continuously improve our security posture to safeguard against evolving threats.
Our security approach is built on defense-in-depth principles, combining technical controls, operational procedures, and organizational policies to provide comprehensive protection for our platform and your data.
All data transmitted between your devices and SortSwift servers is encrypted using TLS 1.2 or higher. We utilize HTTPS for all web communications and enforce secure protocols for API endpoints. Encrypted connections protect against eavesdropping and man-in-the-middle attacks.
Sensitive data stored on SortSwift servers is encrypted using AES-256 encryption. Database encryption keys are managed separately from the data, and access to encryption keys is tightly controlled through our key management system. Regular encryption audits ensure continued protection.
Multi-Factor Authentication (MFA): We support MFA to add an additional layer of security beyond passwords. Users can enable MFA to require verification through a second factor when logging in.
Role-Based Access Control (RBAC): SortSwift implements RBAC to ensure users only have access to the resources and functions necessary for their role. Permissions are granularly defined and regularly reviewed.
Session Management: User sessions are managed securely with automatic timeout after periods of inactivity. Session tokens are cryptographically secure and validated on every request.
Password Security: Passwords are hashed using modern algorithms (bcrypt or equivalent) and are never stored in plaintext. We enforce password complexity requirements and support password managers.
PCI DSS Compliance: When processing credit card transactions, SortSwift complies with PCI Data Security Standard (PCI DSS) requirements. We use PCI-compliant third-party payment processors to handle sensitive payment information, and we do not store raw credit card data on our servers.
GDPR Compliance: SortSwift is compliant with the General Data Protection Regulation (GDPR). We provide data subject rights including access, rectification, erasure, and data portability. Our data processing agreements are compliant with GDPR requirements.
SOC 2 Type II: SortSwift maintains SOC 2 Type II certification, demonstrating our commitment to security, availability, and confidentiality controls. Regular audits verify our compliance with these standards.
CCPA Compliance: For users subject to the California Consumer Privacy Act (CCPA), SortSwift respects consumer privacy rights and maintains appropriate data handling practices.
Cloud Infrastructure: SortSwift infrastructure is hosted on secure, geographically distributed cloud platforms with industry-leading security practices. All infrastructure is monitored 24/7 for security events.
Network Security: We employ firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) to monitor and protect network traffic. DDoS mitigation services protect against distributed denial-of-service attacks.
Server Hardening: All servers are configured following security hardening standards. Unnecessary services are disabled, security patches are applied promptly, and systems are regularly updated.
Database Security: Database servers are isolated in secure network segments, access is restricted to authorized applications, and all database activity is logged and monitored for suspicious behavior.
Secure Development: SortSwift follows secure software development practices including code reviews, static application security testing (SAST), and dynamic application security testing (DAST).
Vulnerability Management: We maintain a comprehensive vulnerability management program including regular security assessments, penetration testing, and vulnerability scanning. Identified vulnerabilities are prioritized and remediated promptly.
Input Validation: All user inputs are validated and sanitized to prevent injection attacks, cross-site scripting (XSS), and other common web vulnerabilities.
API Security: APIs are secured with authentication, authorization, rate limiting, and encryption. API keys and tokens are securely managed and regularly rotated.
SortSwift maintains a comprehensive incident response plan to rapidly detect, respond to, and recover from security incidents. Our incident response team is available 24/7 to address security concerns.
In the event of a confirmed data breach, we will notify affected users without unreasonable delay, as required by applicable law. Our notifications will include details of the incident, the data affected, and recommended steps to protect personal information.
We maintain detailed logs of all security incidents and conduct post-incident reviews to identify improvements and prevent recurrence.
Employee Access: Access to customer data and production systems is restricted to authorized employees with legitimate business need. All access is logged and monitored. Employees are required to sign confidentiality agreements and receive regular security training.
Third-Party Management: We carefully vet all third-party vendors and service providers. Contracts include security requirements, data protection obligations, and audit rights to ensure third parties maintain appropriate security controls.
Security Awareness: All SortSwift employees receive mandatory security training covering topics such as phishing prevention, secure coding, and incident reporting.
SortSwift implements comprehensive logging of all significant system events, security-relevant activities, and access to sensitive data. Logs are stored securely and retained for appropriate periods to support incident investigation and forensic analysis.
Security information and event management (SIEM) systems continuously monitor logs for suspicious patterns and anomalies. Alerts are generated for security-relevant events and investigated by our security team.
Real-time security monitoring enables rapid detection and response to potential security threats.
SortSwift maintains regular backups of all critical data in geographically distributed locations. Backups are encrypted and stored securely to protect against data loss and ransomware attacks.
We maintain a comprehensive disaster recovery plan and perform regular disaster recovery drills to ensure business continuity in the event of a significant incident.
Recovery time objectives (RTO) and recovery point objectives (RPO) are defined for critical systems to minimize potential downtime and data loss.
Penetration Testing: SortSwift conducts regular penetration testing by qualified security professionals to identify vulnerabilities and test the effectiveness of security controls.
Vulnerability Scanning: Automated vulnerability scanners are regularly run against all systems to identify known vulnerabilities and configuration weaknesses.
Security Assessments: Regular third-party security assessments are conducted to evaluate our overall security posture and identify areas for improvement.
SortSwift welcomes security researchers to responsibly disclose any security vulnerabilities they discover. We ask that researchers follow responsible disclosure practices and avoid accessing or modifying data, disrupting services, or publicly disclosing vulnerabilities without first providing us with an opportunity to address them.
If you discover a security vulnerability, please report it to: [email protected]
We will acknowledge receipt of your report, investigate the issue, and work with you to develop and communicate a fix. We aim to resolve security issues promptly and appreciate your contribution to keeping SortSwift secure.
For security-related inquiries, concerns, or to report vulnerabilities:
Email: [email protected]
General Inquiries: [email protected]
Our security team will respond to inquiries within 48 business hours.
SortSwift is committed to maintaining and continuously improving the security of our platform. While we implement comprehensive security controls, no system is entirely immune to security risks. We maintain insurance and incident response procedures to address any potential security incidents.
© 2024-2025 SortSwift, LLC. All rights reserved.