Equitrack
Security
How we process data at EquiTrack
Data Storage
Our application employs MongoDB databases hosted in European AWS regions to ensure data sovereignty and GDPR compliance, with all data encrypted at rest using industry-standard protocols. The web infrastructure is hosted on Vercel’s enterprise-grade platform, featuring built-in DDoS protection and global edge security, while content management is facilitated through Storyblok’s secure infrastructure located in Frankfurt, Germany.
Backup and Restore
Our backup strategy includes automated daily backups for all database systems, point-in-time recovery capabilities supported by our AWS infrastructure, multi-region redundancy for critical systems, and a 30-day retention period for all backups, ensuring robust data protection and disaster recovery.
Access Control
Our access control measures include an OAuth 2.0 compliant JWT authentication system, role-based access control (RBAC) for granular permission management, secure API endpoints protected with TLS 1.2+ encryption, and the implementation of a zero-trust security model to ensure robust protection of sensitive resources.
Security Monitoring
While direct security monitoring is out of scope for our software delivery, our infrastructure providers offer:
- DDoS protection through Vercel’s global edge network
- AWS CloudWatch monitoring for backend services
- Automated vulnerability scanning through our hosting providers
- Real-time threat detection and response
Vulnerability Assessment
Our vulnerability assessment strategy involves regular code reviews, adherence to security best practices, and proactive dependency scanning and updates. We leverage the continuous security assessments provided by our partners, including Vercel’s enterprise-grade security scanning, AWS’s comprehensive suite of security tools, and Storyblok’s ongoing security testing through Detectify, ensuring a robust and resilient security posture.
Employees (Forward Digital)
- All our developers follow security-first development practices
- Regular security training and updates
- Strict access control policies for client data
- CyberEssentials certified team members
Certifications
Forward Digital:
- CyberEssentials certified
- Compliant with UK government standards
Our infrastructure providers maintain:
- ISO 27001 certification (AWS, Vercel)
- SOC 2 Type 2 compliance
- GDPR compliance
- Various other security certifications including PCI DSS
Additional GDPR Considerations
- All our service providers (AWS, Vercel, Storyblok) are GDPR compliant
- Data processing agreements (DPAs) are in place with all providers
- All data remains within the EU/UK
- We maintain detailed data processing records as required by GDPR