Security Policy

Overview

Thank you for using PDF Technologies, Inc. ("us", "we", or "our") products and services. Please read the following information to understand our Security Policy:
We understand how important the security and privacy of your data are. We are dedicated to providing a reliable and secure environment for cloud storage space and all cloud-based applications and services. The information on this page is intended to provide transparency about how we protect customers' data when customers use our products or services.
We continue to perform security checks on a regular basis, including monitoring the infrastructure for suspicious activities or potential threats, examining the company's information security risks, updating the security model, and addressing new security issues. With this management process, we ensure that the security controls continue to meet the company's evolving information security needs.

Network Security

We secure our network boundaries using a combination of load balancers, firewalls, and VPNs to control which services we expose to the Internet and to segment our production network from the rest of our computing infrastructure. We strongly authenticate and limit access to our production infrastructure based on business needs to protect our data and network security. The firewalls are configured to serve as perimeter firewalls to block ports and protocols and are used in applications and the Cloud to shield them from attack and the loss of valuable customer data.

Account Security

A 6-digit password is required for your ComPDFKit API account (ComPDFKit API ID). We encourage you to choose a complex password that is different from any other site you log into and contains a mix of letters and numbers. We never store your password in plain text.
Please keep your password and any personal information safe and do not provide any personal information, especially your password, to anyone.

Email Security

We use several email domains to run services. Each domain serves a different purpose, such as sending system notifications, providing communications, or sharing marketing information.
When you receive an email from us or our products, we want you to be sure it's from us instead of from hackers or phishing websites. If you receive an email from one of these domains, you can trust that it is from us:
● @compdfkit.com

Product Security

We perform an in-depth analysis of security and privacy checks on any feature or code implemented into our systems or products. The code is saved into a Git version control repository and evaluated in a test environment before deploying into our production environment.
Our development team is responsible for improving the security of program code and regularly assessing our applications and services for common security issues, including CSRF, injection attacks (XSS, SQLi), and session management. By using secure session tokens and timeout mechanisms, we ensure the security and validity of sessions. We take measures to prevent session hijacking and fixation attacks. Error messages are handled and displayed properly to prevent the leakage of sensitive information. We log security-related events, exceptions, and debug information for use in security audits and potential intrusion detection. We implement security testing procedures, including penetration testing, security vulnerability scanning, and code reviews, to identify and fix security flaws. We ensure that security testing is integrated with the development and upgrade processes of the application.

Customer Data Security

(1) We will limit the collection, storage, and use of your Personal Data to only what is necessary for the intended purposes.
(2) Our server is hosted on the Google Cloud infrastructure. Google Cloud is a trustworthy service in the industry and has a detailed explanation of its security measures. You may find more information at the following links:

Authorizing Access

We know the data you store in our products or services is private and confidential. We have strict controls over who can access the internal data to make sure your data is safe and private. On our team, no one other than authorized developers can access our database. This happens only if it is necessary to solve client-related issues or optimize system performance.

Activity Logging

We perform server-side logging of customer interaction with our services, including web server or application access, as well as activity logging through our API. You can contact our customer service to check the latest access time for each application linked to your account.

System Monitoring and Alerting

We collect and store production server logs to analyze and monitor the security status of our production infrastructure. Logs are stored and indexed in a separate network.

Transport Encryption

We ensure our customer data is protected at all times by encrypting data on all servers at rest or in transit. We use TLS v1.2 with strong ciphers to protect data and use RSA to encrypt data in transit. Customer passwords are hashed and salted with a modern hash function. By utilizing the technologies provided by Google Cloud, we make sure our customer data is highly secured in the network.

Backup

We constantly back up customer data on the Google Cloud network, with all data being backed up daily. The backed-up data is retained for 7 days.

Modifications to Security Policy

Considering the rapid development of technology, we may update this Security Policy from time to time to reflect changes in law, technology or business development in accordance with relevant legal requirements. You agree that you will be responsible for examining this Security Policy on a regular basis. By continuing the use of our products or services, you are deemed to accept the updated Security Policy. If you disagree with the updated Security Policy, please cease using our products or services.
When this Security Policy is updated, we will forthwith publish the updated version on our website and will notify our customers via our App or email as soon as possible.

Physical Security Protocols

Our system and customer data are set up on the Google Cloud network and are tightly protected. Google Cloud encrypts data at rest and data in transit. Connections are made private through Virtual Private Cloud (VPC), using network access channels that are protected by firewalls and controlled by the customer. It meets SSAE 16, ISO 27001, and PCI DSS requirements, and supports HIPAA compliance.
For more information about the Google Cloud data centers, please refer to the following link: https://cloud.google.com/sql

Privacy and Compliance

Please see our Privacy Policy (https://www.compdf.com/privacy-policy) for more information.
The Security Policy was last updated on February 22nd, 2024.