Application Security
End-to-end Encryption
All communications inbound and outbound from our software are protected with in-transit encryption using 2,048-bit or better keys and TLS 1.0 or above. Users with modern browsers will use TLS 1.2 or 1.3.
All information at rest in our database and data centres are encrypted with key management service that uses hardware security modules (HSMs) that have been validated under FIPS 140-2.
Web and Network Protection
Dayta monitors and mitigates potential attacks with several tools, including firewalls implemented in all layers from application to the network. Besides, our infrastructure contains a Distributed Denial of Service (DDoS) prevention defences to help protect your data and access our products.
Software Development Lifecycle (SDLC) Security
Dayta implements very strict static code analysis tools and human review processes to ensure consistent quality in our software development practices.
Datacenter Protections
Physical Security
Dayta products are hosted with cloud infrastructure providers with SOC 2 Type II and ISO 27001 certifications, among others. The certified protections include dedicated security staff, strictly managed physical access control, and video surveillance.
Software Security
Patch management
Dayta implements automated patch management service integrated with our software development lifecycle that identifies and addresses missing patches within the product infrastructure. Server-level instrumentation ensures tracked software packages use the appropriate versions.
Audits, Vulnerability Assessment & Penetration Testing
Vulnerability Assessment
Dayta tests for potential vulnerabilities on a recurring basis. We run static code analysis, and infrastructure vulnerability scans.
External Audit & Certification
Dayta is in the progress of the audit and certification process for industry-standard cloud security and privacy protection with third-party auditors.