Security
Security is foundational to everything we build. Learn about our security practices, infrastructure, and commitment to protecting your data.
Security Contact: security@prarysoft.com
1. Security Overview
PrArySoft maintains a comprehensive security program designed to protect the confidentiality, integrity, and availability of our systems and customer data. We implement industry-standard security controls and continuously monitor and improve our security posture.
2. Infrastructure Security
2.1 Hosting and Data Centers
- Our services are hosted on enterprise-grade cloud infrastructure with SOC 2 Type II certification
- Data centers maintain physical security controls including 24/7 monitoring, biometric access, and environmental controls
- Infrastructure is distributed across multiple availability zones for redundancy
2.2 Network Security
- All network traffic is encrypted using TLS 1.2 or higher
- We support TLS 1.3 for enhanced security and performance
- Firewalls and intrusion detection systems protect our network perimeter
- Regular vulnerability scanning and penetration testing
2.3 DNS Security
- DNSSEC enabled to prevent DNS spoofing attacks
- SPF, DKIM, and DMARC configured for email authentication
3. Application Security
3.1 Secure Development
- Security is integrated into our software development lifecycle (SDLC)
- Code reviews required for all changes
- Automated security scanning in CI/CD pipelines
- Dependency vulnerability monitoring
3.2 Security Headers
Our web applications implement security headers including:
- Strict-Transport-Security (HSTS) — Enforces HTTPS connections
- Content-Security-Policy (CSP) — Prevents XSS and injection attacks
- X-Content-Type-Options — Prevents MIME type sniffing
- X-Frame-Options — Protects against clickjacking
- Referrer-Policy — Controls referrer information
3.3 Authentication and Access Control
- Strong password requirements enforced
- Session management with secure, HttpOnly cookies
- Role-based access control (RBAC) for administrative functions
- Audit logging of security-relevant events
4. Data Protection
4.1 Encryption
- In Transit: All data encrypted using TLS 1.2+ during transmission
- At Rest: Sensitive data encrypted using AES-256 encryption
- Encryption keys managed using industry-standard key management practices
4.2 Data Handling
- Data minimization — we collect only what's necessary
- Data is not sold or shared for advertising purposes
- Customer data is never used to train AI models
- Clear data retention policies with automatic deletion
5. Incident Response
We maintain a documented incident response plan that includes:
- 24/7 monitoring for security events
- Defined escalation procedures
- Customer notification within 72 hours of confirmed data breaches (per GDPR requirements)
- Post-incident review and remediation
6. Compliance
Our security program is designed to support compliance with:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA/CPRA)
- SOC 2 Type II principles
For detailed compliance information, see our Compliance page.
7. Vulnerability Disclosure
We welcome responsible disclosure of security vulnerabilities. If you discover a potential security issue, please report it to:
Security Team: security@prarysoft.com
Please include a detailed description of the vulnerability and steps to reproduce.
We commit to acknowledging reports within 48 hours and providing updates on remediation.
8. Employee Security
- Background checks for employees with access to sensitive systems
- Security awareness training
- Principle of least privilege for system access
- Secure remote work policies
9. Business Continuity
- Regular backups with tested restoration procedures
- Disaster recovery planning
- Geographic redundancy for critical systems
10. Contact
For security-related inquiries or to request additional security documentation:
Email: security@prarysoft.com
General Inquiries: support@prarysoft.com