We employ a multi-layered approach to security.
- The connection to our app and all pages in it are encrypted using the latest encryption technologies, as verified by GoDaddy. This is visible in your browser address bar as "https://" (rather than unsecured "http://"). Most browsers also show a lock icon or some other visual cue that your connection is secure.
- We encrypt and mask sensitive data fields such as your password, Federal Employer Identification Number, and Metrc API keys.
- We have integrated the OWASP Top 10 into our SDLC (software development lifecycle). The Open Web Application Security Project is a nonprofit organization that regularly publishes the top 10 web application vulnerabilities and provides best practices for mitigating those vulnerabilities.
- We use a role-based access model in which Simplifya employees have admin access that is limited to the needs of their role. For example, sales reps only have access to the features and data necessary to conduct demos. Regulatory Analysts only have access to the features and data necessary to develop and maintain our content. Simplifya employees NEVER have access to your compliance content, including documents, SOPs, and audits.
- Similarly, the app allows clients to grant specific permissions to specific documents by user. For example, when uploading a document to Smart Cabinet, you have the option to control who can see the document and whether they have permission to view or download it. Clients also have the option to password-protect documents upon upload, after which the password is required to read or download the document.
- Many security provisions are inherent to cloud-based apps running on Amazon Web Services. The AWS security program is rigorous and comprehensive, so we encourage you to read about it on their website.