Effective date “December 1, 2019“
We have gone above and beyond when it comes to storing your confidential data. In this section, we will thus expound on the measures taken by our engineers to ensure nothing bad happens to your data.
All of our systems are deployed within a private data-center in the cloud following the AWS Well Architected Framework with a special emphasis on the pillar of security and reliability. This means that you’re never going to lose your data and no one will be able to unsolicitedly access it.
You must have seen our obsession with security; when you’re dealing with financial data, no amount of security is too much (technically). Following the footsteps of the Giants in this area, we have deployed a Zero Trust, Segmented network architecture which means that no service can internally communicate unless it’s explicitly allowed to do so by an engineer. Network isolation implies that there is a clear delineation in the data traveling to and fro our systems in different environments without ever colliding with one another.
The entire Donut product ecosystem follows the concept of a tiered architecture and the principles of least privilege meaning that, at any given time, an API call or a host can do only the least amount of things required for it to function in line with the business requirements.
Last, but certainly not least, we also follow some of the leading standards in key management, key rotation, encryption in transit and rest, and code auditing.
All of our code runs on machines; how do we ensure the security of the machine? We employ best-in-class anti-virus, anti-malware, file-integrity monitoring and intrusion-detection systems to ensure that our application runs only on the cleanest of hardware. Amazon’s shared responsibility model allows us to forget about the nitty-gritties associated with managing the actual hardware and its security, reliability and availability.