Your information is safe with Speeki
Safety and security are in our DNA.
Speeki puts data security, integrity, and access above everything else.
We use a multi-layered approach to protect information inside Speeki.
Cloud security
Speeki's cloud infrastructure consists of physical and virtual servers, network firewalls, virtual private clouds, and private network routing all hosted in Amazon Web Services (AWS) data centres. We have a limited number of personnel who are authorised to manage hosting resources and firewall rules, with access via multi-factor authentication. Each access to the production environment is logged.
The hosting infrastructure complies with SSAE/AICPA SOC 2 and PCI DSS security standards, ISO 27001, ISO 27017 and ISO 27018. Details can be found here.
Physical access to the AWS data centres is strictly controlled at the perimeter and at building ingress points by professional security staff utilising video surveillance, intrusion detection systems and other electronic means. Authorised staff must pass two-factor authentication a minimum of two times to access data centre floors.
Services & APIs security
Speeki has built a robust set of internal utilities and services to enhance productivity and safety for users. Our services include multi-factor authentication, password reset, stored sessions, translation, chat, and artificial intelligence services, as well as backend and external APIs.
Google Translate™, IBM Watson® and Twilio are hosted on multi-layer secure clouds. You can find Google Cloud security information here, IBM Cloud security information here, and Twilio Cloud security information here.
Application security
Speeki follows industry best practices for web application security, including OWASP guidelines, to help prioritise risks and identify, mitigate and fix vulnerabilities in both the application technology and source code. We protect Speeki applications against inadequate security logging and monitoring, unauthorised access and theft, as well as the hijacking, exposure or theft of client data.
Encryption and data protections
"Speeki encrypts your data both in transit and at-rest."
Any data transmitted between a user's device and the client product site is encrypted via HTTPS with an SSL certificate.
Data that is not actively being transferred (referred to as 'at-rest') is encrypted using Amazon Key Management Service with AES-256, one of the strongest block ciphers available. Encrypting databases at rest converts your sensitive data into another form, using an algorithm whose output cannot be understood by a user without an encryption key. Your data will only be accessed by authorised personnel who have the encryption key, so it is secure.
ISO 27001 certified
Speeki entities involved in software have achieved certification under ISO 27001:2013. The audit examines how Speeki manages and secures client data, as well as how the application is built to protect client information appropriately. Additionally, Speeki designs and manages client data in compliance with GDPR and partners with clients annually to conduct privacy questionnaires to ensure ongoing GDPR compliance.
With Speeki, you can be assured that your data is safe.
Vulnerability & penetration testing
Speeki scans for code vulnerabilities and/or employs third-party penetration testing and vulnerability scanning prior to the release of the latest versions.
Encrypted backups
We encrypt our daily backups of files and databases, and we retain them for a period of 14 days. Backups are stored on Amazon Web Services' S3 service. In other words, they are not kept on the actual server.
Recovery practices
We test and update our disaster recovery plan at least once per year. Every month, Speeki restores backed-up data to verify that the data can be used and to verify that the backup is working as expected.
Security features
Users
- strong user authentication via SSO and MFA
- complex password controls
- deep-link for password reset
Content
- AES 256-bit encryption
- HTTPS SSL encryption
- antivirus scanning upon file uploads
Cloud infrastructure
- AWS, Docker images regularly scanned
- use non-persistent encrypted tokens to call internal/external APIs
- AWS GuardDuty detects and blocks malicious activity
Logs
- sent email logs
- case information modifications