Security Information Page

Company Security Overview

We take the security and privacy of customer data seriously. Our infrastructure and processes are designed to protect sensitive information and ensure system reliability, availability, and confidentiality.

Our platform is hosted on Amazon Web Services (AWS), a globally recognized cloud provider with robust physical and environmental security controls.

Infrastructure Security

Our production environment is hosted in AWS within a Virtual Private Cloud (VPC), providing logical isolation from external networks.

Security measures include:

• Network segmentation using VPC
• Restricted access via security groups and firewall rules
• Encrypted communication using HTTPS (TLS)
• Role-based access control using AWS IAM
• Limited administrative access restricted to authorized IP addresses
• Continuous monitoring using AWS CloudWatch and GuardDuty

Access Control

Access to systems is restricted using least-privilege principles.

Controls include:

• unique user authentication credentials
• role-based permissions
• multi-factor authentication (MFA) where applicable
• restricted administrative access
• periodic access review

Data Protection

We implement safeguards to protect customer data:

• encryption in transit via HTTPS/TLS
• controlled access to production systems
• logging and monitoring of system activity
• secure credential storage practices

Customer data is retained only as necessary to meet operational, contractual, and regulatory requirements.

Monitoring and Threat Detection

We monitor infrastructure activity to detect potential security threats.

Tools include:

• AWS GuardDuty for threat detection
• CloudWatch for system monitoring and alerts
• logging of access and system activity

Alerts are configured for suspicious activity and operational anomalies.

Change Management

All production changes are tracked through version control systems and deployed using controlled processes.

Controls include:

• pull request workflow
• change tracking via GitHub
• deployment logging
• rollback capability

Vulnerability Management

We regularly review system configurations and dependencies to maintain secure environments.

Security updates and patches are applied as needed to maintain system integrity.

Incident Response

We maintain procedures to respond to security events, including investigation, containment, and remediation steps.

Monitoring tools provide alerts for potential security incidents.

Data Privacy

We are committed to protecting customer privacy.

Customers may request account deactivation or data review by contacting our support team.

Data retention practices follow applicable legal and contractual obligations.

Contact

For security-related inquiries:

info@rxconnexion.com