We take security very seriously at Aflorithmic Labs (Api.audio).
We know our users place a high level of trust in Aflorithmic Labs and in the Api.audio products we make to manage mission-critical infrastructure. The security of customer data, of our products, and of our services is a top priority. Aflorithmic's best-in-class security starts at the foundational level and includes internal threat models, routine internal and external security assessments, and secure software development.
Some things we do:
- Force HTTPS on all connections, so data in transit is encrypted with TLS.
- Encrypt all database data at rest with AES-256.
- Host all servers in the US and EU, in data centers that are SOC 1, SOC 2 and ISO 27001 certified. Our data centers have round-the-clock security, fully redundant power systems, two-factor authentication and physical audit logs.
- Regularly conduct internal penetration tests by our reliability team (reports available for enterprise customers).
- Regularly conduct security awareness training sessions with all employees.
- Maintain detailed audit logs of all internal systems.
- All engineers use 2FA to access our systems - this is enforced across
- More detailed reports are available on the corporate plan (SOC2 etc)
We run a dedicated security review meeting monthly, where our CTO and several engineers review our security threats.
- Review our metrics for issues such as security incidents.
- Do post-mortems of any security incidents and pass on these learnings to our engineers.
- Regularly run internal and external penetration tests and vulnerability assessments.
- Review any vulnerability reports.
We deeply appreciate any effort to discover and coordinate the disclosure of security vulnerabilities. Aflorithmic does not currently operate a public bug bounty program or offer monetary rewards for vulnerability reports, but individuals may be acknowledged in product security bulletins as appropriate.
If you would like to report a vulnerability in one of our products or services, or have security concerns regarding Aflorithmic software or systems, please email [email protected].
To support a timely and effective response to your report, please include any of the following:
- Steps to reproduce or proof-of-concept
- Any relevant tools, including versions used
- Tool output
Aflorithmic takes all vulnerability reports very seriously and aims to rapidly respond and verify the vulnerability before taking the necessary steps to address it. After an initial reply to your disclosure, which should be directly after receiving it, we will update you periodically with our response and remediation status.