Security

Your trust is our most important asset. We are committed to building a platform that is secure, private, and worthy of protecting your family’s future. This page outlines the measures we take to secure your information.

Infrastructure & Hosting

• Amazon Web Services (AWS): Our entire platform is hosted on Amazon Web Services (AWS), the industry-leading cloud provider trusted by major banks, healthcare organizations, and governments. This means we benefit from AWS’s state-of-the-art physical and network security and its robust infrastructure designed for high availability and protection against sophisticated attacks.
• Network Protection: We utilize AWS security features like Virtual Private Clouds (VPCs) and network firewalls to create an isolated and protected environment for our servers, blocking malicious traffic and preventing unauthorized access.

Data Protection

• Encryption in Transit: All communication between your device and SimplyTrust is encrypted using TLS 1.2 or higher. This ensures that your data is secure and confidential while it travels over the internet.
• Encryption at Rest: Your personal information is stored in our MySQL databases. We employ volume-level encryption for all our database instances, meaning the underlying storage is fully encrypted using the AES-256 standard. This protects your data even in the rare event of a physical security breach.

Account Security & Access

• Secure Authentication: We protect your account with more than just a password. Access is secured using a One-Time Passcode (OTP) sent directly to your phone. This form of Multi-Factor Authentication (MFA) provides a powerful defense against unauthorized logins, ensuring that only you can access your account.
• No Direct Payment Handling: We do not process or store your credit card information on our servers. All payments are handled securely through Apple Pay and Google Pay. This means your sensitive financial data is protected by their world-class security systems, and we never have access to it.
• Limited Internal Access: Access to your personal data by SimplyTrust employees is strictly controlled and limited to a need-to-know basis for support and platform maintenance. All access is logged and monitored.

Our Commitment

• Secure by Design: We follow secure software development practices to build security into our application from the ground up. Our code is regularly reviewed and tested for potential vulnerabilities.
• Vulnerability Reporting: We are committed to working with the security community to resolve any potential issues. If you are a security researcher and have found a vulnerability, please report it responsibly to us at security@simplytrust.io. We will investigate all reports and do our best to address them promptly.