Security and privacy are of utmost importance and are given the highest priority at Hubilo. We are committed to protecting the confidentiality, integrity, availability, and privacy of our information systems and our customers’ data through the implementation of numerous controls.
Hubilo invests heavily in its security and privacy framework to ensure we meet or exceed industry standards, applicable laws and regulations, and, most importantly, our customers’ expectations.
Data is encrypted both in transit and at rest using the industry-standard AES-256 encryption algorithm. Encryption is enforced via TLS for all data in transit.
Only secure access (HTTPS) to the Hubilo website and platform is allowed.
Stringent access management controls are in place to grant authorized users the right to use a service while denying access to unauthorized users. Hubilo has implemented security policies across all systems (including APIs), platforms, applications, and devices to identify security violations, remove unauthorized access privileges, and revoke access if necessary. Role-based access controls and least privilege access controls are in place.
Automated full-time backups of the databases are taken to mitigate the risk of losing customer data due to disk corruption. Periodic backup and restoration tests are performed to ensure easy and timely recovery of data. Disaster recovery sites are set up to ensure minimal loss and support business continuity. Annual disaster recovery drills are conducted to ensure Hubilo can respond to disasters and emergencies that affect the information systems. Such drills help minimize the risk that a security mishap poses to business operations.
The Hubilo platform is powered by Amazon Web Services (AWS) for hosting and computing activities since AWS is the world’s most secure cloud platform. AWS maintains and demonstrates many compliance programs, including but not limited to SSAE-16 SOC 1, 2, and 3, and ISO 27001. Hubilo has segregated the production environment from the non-production environment both physically and logically to maintain the confidentiality, integrity, availability (CIA), and privacy of customers’ data.
Hubilo is ISO 27701:2019 and ISO 27018:2019 certified. PII data is collected and processed within the limits of the law and for business use cases agreed with customers. All PII data is deleted once the purpose is fulfilled. Stringent security controls such as encryption, access controls, and multi-factor authentication are in place to protect PII data. PII data is not used for testing purposes.
Hubilo has defined an incident management policy to respond to and resolve critical incidents. It involves a set of procedures and actions covering how incidents are detected and communicated, who is responsible, what tools are used, and what steps are taken to resolve the incident.
Hubilo conducts rigorous periodic vulnerability assessment and penetration testing (VAPT) with leading independent security consulting firms to obtain a detailed view of the threats that might impact the security and privacy framework of Hubilo’s platform and various applications. This helps Hubilo protect data and systems from malicious attacks that may lead to data loss or unauthorized access to the systems.
Users are authenticated with unique IDs and passwords, and the passwords are protected using bcrypt, a strong password-hashing function. A strict password policy is implemented at Hubilo along with multi-factor authentication (MFA) to make the environment more secure.