Security & Privacy at Simpleem

The security of our customers is our top priority. We work hard to maintain the security and integrity of your conversation data.

Core Access Policies

All our operations follow the guidelines below:
  • Least Privilege Principle
    Access is limited to the people and systems that have a legitimate business reason to have it.
  • Secure by Design
    Security is built into the foundation of every new feature or system, preventing unauthorized access and minimizing the attack surface.
  • Consistency
    Security controls are applied consistently across the whole system, preventing accidental misconfiguration and exposure of sensitive data.
  • Recurrence
    Security controls and restrictions are reviewed on a regular basis and monitored 24/7/365, so that they stay up to date with new attack techniques and we can react to dangerous signals immediately.

Data Protection

Our customers share highly sensitive data with us: recordings of their business calls. The consequences of such recordings leaking to a third party can be catastrophic, so Simpleem employs several data protection techniques to prevent such breaches.

At rest

All our data stores (S3 buckets and databases) use encrypted storage. Even if the underlying storage media are stolen or leaked, the data on them is unreadable without the encryption keys. Encryption at rest does not, on its own, protect data from an attacker who obtains valid credentials; that is what the access policies above are for.

In transit

We require TLS 1.2 or higher for any data transmission over public or otherwise untrusted networks. This protects against an attacker who can intercept the traffic: without the session keys they observe only ciphertext, and TLS additionally authenticates the server and detects tampering with the data in flight.

Secrets Storage

TLS certificates are managed by AWS Certificate Manager, encryption keys are stored in AWS Key Management Service (KMS), and all other secrets are kept in AWS Secrets Manager.

Risk Evaluation

To focus on the most important aspects of security, we evaluate all our dependencies and vendors. This helps us identify the areas where most of our security effort should be concentrated.

Vulnerability Scanning

We scan all production container images and code for known vulnerabilities using Snyk. Scans run on every deployment, so each release is checked against the vulnerability database as it stands at that time, and newly disclosed vulnerabilities that affect our system are picked up quickly. We have an established process for handling such findings; the action taken depends on the severity and relevance of each one.

Supply Chain Security

All our software dependencies, including transitive ones, are pinned to a hash. The installer refuses any artifact whose digest differs from the recorded one, so a package that is replaced or tampered with upstream cannot be installed silently. During updates, we manually inspect the source code of the installed versions of all updated or added packages. This prevents many classes of supply chain attack in which a dependency becomes the starting point of an exploit or introduces malware.

Vendor-Associated Risks

All decisions about integrating an external vendor start with a risk assessment. Inherent risk is determined from multiple factors, such as the categories of data the vendor can access and the potential impact on Simpleem's production systems.
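The hash-pinning policy described under Supply Chain Security can be checked mechanically. The script below is an added example written for this page, not Simpleem's own tooling. It assumes pip's `--require-hashes` convention (`pkg==1.2.3 --hash=sha256:<hex>`), parses a constructed requirements file, reports every entry that is not pinned to an exact version, carries no hash, or uses an algorithm pip would reject, and then verifies a downloaded artifact against the pinned digest before installation. The package names are real, but the requirements file, the wheel bytes and the `requests`/`idna` digests are made up for the example.

```python
"""Audit a pip requirements file for hash pinning and verify a downloaded
artifact against the pinned digests before it is installed.

Added example (not Simpleem's code). Assumes pip's --require-hashes syntax.
"""
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass, field

# pip accepts only these algorithms in --require-hashes mode.
STRONG_HASHES = {"sha256", "sha384", "sha512"}

# Constructed stand-in for a downloaded wheel; its real digest is pinned below.
FAKE_WHEEL = b"constructed stand-in for urllib3-2.0.7-py3-none-any.whl"
FAKE_WHEEL_SHA256 = hashlib.sha256(FAKE_WHEEL).hexdigest()

# Hypothetical digests (made-up hex) for the entries that are not verified here.
HYPOTHETICAL_A = "ab" * 32
HYPOTHETICAL_B = "cd" * 32
HYPOTHETICAL_MD5 = "ef" * 16

# Constructed sample requirements file covering the cases the policy must catch.
SAMPLE_REQUIREMENTS = f"""\
# requirements.txt (constructed sample)
requests==2.31.0 \\
    --hash=sha256:{HYPOTHETICAL_A} \\
    --hash=sha256:{HYPOTHETICAL_B}
urllib3==2.0.7 --hash=sha256:{FAKE_WHEEL_SHA256}
idna==3.4 --hash=md5:{HYPOTHETICAL_MD5}
charset-normalizer==3.3.2
certifi>=2023.7.22
"""

COMMENT_RE = re.compile(r"(^|\s+)#.*$")          # same rule pip uses
NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*")
PIN_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]*\s*==\s*([^\s;]+)")
HASH_RE = re.compile(r"--hash=([a-z0-9]+):([0-9a-fA-F]+)")


@dataclass
class Requirement:
    name: str
    version: str | None                         # None unless pinned with ==
    hashes: dict[str, set[str]] = field(default_factory=dict)


def _logical_lines(text: str):
    """Strip comments and join backslash-continued lines into one entry each."""
    buf = ""
    for raw in text.splitlines():
        line = COMMENT_RE.sub("", raw).rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip():
            yield buf.strip()
        buf = ""
    if buf.strip():                             # file ended on a continuation
        yield buf.strip()


def parse_requirements(text: str) -> list[Requirement]:
    reqs: list[Requirement] = []
    for line in _logical_lines(text):
        name = NAME_RE.match(line).group(0).lower()
        pin = PIN_RE.match(line)
        req = Requirement(name, pin.group(1) if pin else None)
        for algo, digest in HASH_RE.findall(line):
            req.hashes.setdefault(algo, set()).add(digest.lower())
        reqs.append(req)
    return reqs


def audit(reqs: list[Requirement]) -> list[str]:
    """Return one finding per violation of the 'pinned to a hash' policy."""
    findings = []
    for r in reqs:
        if r.version is None:
            findings.append(f"{r.name}: not pinned to an exact version")
        if not r.hashes:
            findings.append(f"{r.name}: no --hash, installer cannot verify the artifact")
        for algo in r.hashes:
            if algo not in STRONG_HASHES:
                findings.append(f"{r.name}: weak hash algorithm {algo}")
    return findings


def verify_artifact(req: Requirement, data: bytes) -> bool:
    """True only if the downloaded bytes match one of the strong pinned digests."""
    for algo, digests in req.hashes.items():
        if algo in STRONG_HASHES and hashlib.new(algo, data).hexdigest() in digests:
            return True
    return False


if __name__ == "__main__":
    reqs = parse_requirements(SAMPLE_REQUIREMENTS)
    for finding in audit(reqs):
        print("FAIL", finding)
    urllib3 = next(r for r in reqs if r.name == "urllib3")
    print("urllib3 wheel ok:", verify_artifact(urllib3, FAKE_WHEEL))
    print("tampered wheel ok:", verify_artifact(urllib3, FAKE_WHEEL + b"\x00"))
```

Run as a CI gate, the audit fails the build on the three entries that violate the policy (`idna` with an MD5 hash, `charset-normalizer` with no hash, `certifi` with a version range), while `verify_artifact` is the check `pip install --require-hashes` performs for you: a single flipped byte in the wheel changes the digest and the artifact is rejected.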

Human Resources

Humans are often the weakest part of an otherwise secure system. That is why we take this seriously and enforce the following rules:

Onboarding

All new engineers complete mandatory security training covering the security aspects of development and the security practices and policies enforced at Simpleem.

Training

All Simpleem employees undergo security training annually. Our engineers and other personnel are trained to recognize and prevent human-centric attacks such as social engineering.

Access Management

We use Microsoft Office 365 as our identity provider and for single sign-on to other platforms. Accounts are deprovisioned upon employee termination, and any access granted to them is revoked immediately.
