Security

Security Overview

Last updated: November 30, 2023

Statement of Commitment

Our clients place their confidence in us to safeguard their data security and privacy, and every member of the Terralytiq team is deeply committed to upholding this trust. Our senior management advocates for and supports the adoption of all essential information security tools and methodologies. This commitment is upheld steadfastly, ensuring that the delivery of Terralytiq’s products and services remains smooth and uninterrupted, while simultaneously guaranteeing the confidentiality, integrity, and accessibility of our customers’ data.

To elevate our level of trust with our customers and to reinforce our dedication, we have established an Information Security Management System (ISMS) that aligns with internationally recognized information security and data privacy standards, in line with NIST, the Cloud Security Alliance, ISO 27001:2019 and SOC 2. All subprocesses deployed during development by Terralytiq are ISO 27001 certified and SOC 2 certified.

Terralytiq is dedicated to continually enhancing our ISMS and to persistently uphold our promise of data privacy to our customers and our team, now and in the future.

Authentication

Terralytiq supports Single Sign-On (SSO) authentication via Google Workspace or Microsoft Outlook. Other authentication options include Magic Link authentication via email and password authentication with a verification code, although we recommend SSO. Passwords are hashed with bcrypt, the industry-standard one-way password hashing function, before they are stored.

Data security

We are proactively fortifying our application against common web vulnerabilities through automatic inclusion of secure HTTP headers, such as X-Content-Type-Options: nosniff and X-Frame-Options: DENY. Our data in transit is encrypted via TLS (Transport Layer Security), thereby safeguarding the integrity and confidentiality of data as it moves across the network. Moreover, we employ API route protection to implement rigorous authentication and authorization checks, ensuring that only legitimate requests are processed.
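The two response headers named above are easy to lose when a proxy, CDN or framework upgrade changes who emits them, so the check worth keeping is one that reads a response and confirms each header is present with the expected value. The following is an added example written for this page, not Terralytiq's own code; the raw responses are constructed, and the required-header map is an assumption you extend with whatever else your edge is meant to add.

```python
"""Check that an HTTP response carries the hardening headers this page names.

Added example, not Terralytiq's code. The sample responses below are constructed.
"""
import http.client

# Headers the page names, with the value each must carry.  Extend this map
# with whatever else your edge is supposed to add (assumed, not from the page).
REQUIRED_HEADERS = {
    "x-content-type-options": "nosniff",
    "x-frame-options": "DENY",
}


def parse_http_response(raw: bytes):
    """Split a raw HTTP/1.1 response into (status_line, {lower-name: value}).

    Repeated header names are folded with ", " as RFC 9110 allows, so a
    duplicated X-Frame-Options surfaces as a value mismatch instead of one
    copy silently winning.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue  # skip malformed lines rather than abort the audit
        key = name.strip().lower()
        value = value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return lines[0], headers


def check_security_headers(headers, required=REQUIRED_HEADERS):
    """Return a list of findings; an empty list means every required header is right."""
    findings = []
    for name, expected in required.items():
        actual = headers.get(name)
        if actual is None:
            findings.append(f"missing {name}")
        elif actual.lower() != expected.lower():
            findings.append(f"{name} is {actual!r}, expected {expected!r}")
    return findings


def audit_raw_response(raw: bytes):
    """Parse a captured response, then check it."""
    _status, headers = parse_http_response(raw)
    return check_security_headers(headers)


def audit_live(host: str, path: str = "/"):
    """Fetch headers over TLS from a host you operate and audit them.

    Not exercised by the offline samples below; http.client is the standard
    library, so no extra dependency is needed.
    """
    conn = http.client.HTTPSConnection(host, timeout=10)
    conn.request("HEAD", path)
    resp = conn.getresponse()
    headers = {}
    for name, value in resp.getheaders():
        key = name.lower()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    conn.close()
    return check_security_headers(headers)


# Constructed sample responses: one hardened, one missing/weakened.
HARDENED = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"X-Content-Type-Options: nosniff\r\n"
    b"X-Frame-Options: DENY\r\n"
    b"\r\n<html></html>"
)

WEAK = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"X-Frame-Options: SAMEORIGIN\r\n"
    b"\r\n<html></html>"
)

if __name__ == "__main__":
    for label, raw in (("hardened", HARDENED), ("weak", WEAK)):
        print(label, audit_raw_response(raw) or "ok")
```

Run it against captured responses in CI, or point audit_live() at your own deployment after each infrastructure change; a non-empty findings list is the regression signal.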

To protect our data at the storage level, we implement Row Level Security (RLS), an advanced security measure that controls access to data at the granularity of individual rows. Each row in our database can have its own access policies, ensuring that users can only read or modify the data they are authorized to. This access is securely managed using JSON Web Tokens (JWT), which provide a robust and scalable method for authenticating requests and transmitting claims. JWTs ensure that each request to our database is authenticated and authorized, in line with our commitment to data security and privacy.
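The property RLS keyed on a JWT gives you is that the row filter comes from a verified claim in the token, never from anything the client can choose in the request. The following is an added example written for this page, not Terralytiq's code: it verifies an HS256 token with the standard library, then scopes a query to the token's subject. Assumptions are labelled in the code; SQLite has no RLS, so the WHERE clause stands in for the per-row policy a Postgres RLS setup would enforce inside the database, and the signing key, table and rows are constructed.

```python
"""Verify a JWT and use its subject to scope a database query.

Added example, not Terralytiq's code.  Assumptions: HS256-signed tokens with a
`sub` claim naming the user; the signing key, table and rows below are
constructed.  SQLite has no Row Level Security, so the WHERE clause in
list_projects() stands in for the per-row policy a Postgres RLS setup would
enforce inside the database.
"""
import base64
import hashlib
import hmac
import json
import sqlite3
import time

# Assumption: a real key comes from a secret store, never from source.
SIGNING_KEY = b"constructed-demo-key-do-not-reuse"


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_jwt(claims: dict, key: bytes) -> str:
    """Mint an HS256 token; present only so the example is self-contained."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = (
        _b64url_encode(json.dumps(header, separators=(",", ":")).encode())
        + "."
        + _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    )
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def verify_jwt(token: str, key: bytes, now=None) -> dict:
    """Return the claims of a valid token; raise ValueError otherwise.

    Checks, in order: shape, algorithm pinned to HS256 (so an "alg": "none"
    header is refused), signature compared in constant time, expiry, and the
    presence of a subject to authorize against.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    current = time.time() if now is None else now
    if "exp" in claims and current >= claims["exp"]:
        raise ValueError("token expired")
    if "sub" not in claims:
        raise ValueError("missing sub claim")
    return claims


def build_demo_db() -> sqlite3.Connection:
    """In-memory table with rows owned by two constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE projects (id INTEGER PRIMARY KEY, owner_id TEXT NOT NULL, name TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO projects (owner_id, name) VALUES (?, ?)",
        [("user-alice", "Alice site A"), ("user-alice", "Alice site B"), ("user-bob", "Bob site")],
    )
    return conn


def list_projects(conn, token: str, key: bytes, now=None) -> list:
    """Authenticate the request, then return only the caller's rows.

    The owner filter is taken from the verified token, not from request input,
    which is the guarantee an RLS policy keyed on a JWT claim gives in-database.
    """
    claims = verify_jwt(token, key, now)
    rows = conn.execute(
        "SELECT name FROM projects WHERE owner_id = ? ORDER BY name", (claims["sub"],)
    ).fetchall()
    return [name for (name,) in rows]


if __name__ == "__main__":
    db = build_demo_db()
    alice = make_jwt({"sub": "user-alice", "exp": int(time.time()) + 3600}, SIGNING_KEY)
    print(list_projects(db, alice, SIGNING_KEY))
```

A token whose payload is swapped for another user's keeps the original signature and so fails verification before any query runs; an expired token fails the same way. That ordering, verify first and derive the filter second, is what to look for in code review of any route that touches the database.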

At Terralytiq, we prioritize the security and integrity of our clients’ and users’ data. To this end, we employ a segmented data storage strategy.

Audit logs

We maintain service logs for our infrastructure and for key web-based actions within the Terralytiq product. Customers can access audit logs for their organization by submitting a formal request to security@terralytiq.com. Our logs are structured, and are retained for at least 30 days.

Secure SDLC

From the outset of defining requirements and designing our systems, we prioritize security, meticulously considering risks and trade-offs. This security-focused mindset extends through the entire lifecycle of our development process, including implementation, deployment, and ongoing operations. During our code review and pull request phases, we diligently scrutinize for any security issues. Moreover, we employ automated scanners on each pull request, effectively identifying potential vulnerabilities in open-source dependencies.

Visibility and alerting

To maintain high standards of performance and reliability, we employ a diverse array of tools to monitor performance and log errors across our operations, including our web application, data services, and background processes. Alerts are sent directly to the relevant on-call engineers, so that any arising issue receives immediate attention.