Security

How we protect your data and ensure the integrity of our platform

Security Overview

At FulliO, security is our priority. We understand the critical importance of protecting your data and maintaining the integrity of our platform. Our security program is built on industry best practices and designed to ensure your information remains safe and confidential.

Our Security Measures

Data Encryption

All data is encrypted both in transit and at rest using industry-standard encryption protocols. We use TLS/SSL for all data transfers and AES-256 encryption for stored data.

Access Controls

We implement strict access controls and authentication mechanisms to ensure only authorized personnel can access sensitive systems and data.

Authentication

Our platform supports multi-factor authentication, strong password policies, and secure session management to protect user accounts.

Vulnerability Management

We conduct regular security assessments, vulnerability scans, and penetration tests to identify and address potential security issues.

Backup & Recovery

We maintain regular backups of all critical data and have robust disaster recovery procedures to ensure business continuity.

Compliance

Our security program aligns with industry standards and regulations including GDPR, CCPA, and SOC 2 principles.

OWASP Top 10 Protection

We implement comprehensive measures to protect against the OWASP Top 10 security risks:

  • Injection: We validate all inputs and use parameterized queries to prevent SQL injection and other injection attacks.
  • Broken Authentication: Our authentication system uses secure session management, strong password policies, and protection against brute force attacks.
  • Sensitive Data Exposure: We encrypt sensitive data and implement proper key management practices.
  • XML External Entities (XXE): Our XML processors are configured to prevent XXE attacks.
  • Broken Access Control: We enforce strict access control mechanisms at both the application and infrastructure levels.
  • Security Misconfiguration: We follow secure configuration standards and regularly audit our configurations.
  • Cross-Site Scripting (XSS): We implement content security policies and output encoding to prevent XSS attacks.
  • Insecure Deserialization: We validate and sanitize all serialized data before processing.
  • Using Components with Known Vulnerabilities: We maintain a vulnerability management program to regularly update dependencies.
  • Insufficient Logging & Monitoring: We implement comprehensive logging and monitoring with SIEM integration for anomaly detection.
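The first bullet names the two controls that stop SQL injection: input validation and parameterized queries. The following Python example is added here for illustration; it is not FulliO's code and it uses a constructed in-memory SQLite table (the users table, its columns and the sample rows are assumptions). It shows why splicing user input into SQL text is fragile even with ordinary input, and how binding the value as a parameter keeps it as data:

```python
import re
import sqlite3

# Allowlist check: a username is 1-32 characters from a small set. Validation
# is a separate layer; it does not replace parameterized queries.
USERNAME_RE = re.compile(r"^[a-z0-9_'.-]{1,32}$")


def is_valid_username(username: str) -> bool:
    return bool(USERNAME_RE.fullmatch(username))


def make_db() -> sqlite3.Connection:
    # Constructed sample data for this example only (not a real schema).
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.com"), ("o'brien", "obrien@example.com")],
    )
    return conn


def find_user_unsafe(conn: sqlite3.Connection, username: str):
    # Vulnerable pattern: the input becomes part of the SQL text, so a quote
    # character in the value changes the structure of the statement.
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchone()


def find_user_safe(conn: sqlite3.Connection, username: str):
    # Parameterized query: the statement text is fixed and the driver binds
    # the value separately, so the input is only ever treated as data.
    if not is_valid_username(username):
        raise ValueError("username failed validation")
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchone()


def demo() -> dict:
    # A legitimate name containing an apostrophe: the parameterized lookup
    # finds the row; the concatenated query is no longer valid SQL.
    conn = make_db()
    name = "o'brien"
    safe = find_user_safe(conn, name)
    try:
        unsafe = find_user_unsafe(conn, name)
        unsafe_error = None
    except sqlite3.OperationalError as exc:
        unsafe = None
        unsafe_error = str(exc)
    return {"safe": safe, "unsafe": unsafe, "unsafe_error": unsafe_error}


if __name__ == "__main__":
    print(demo())
```

The same input that breaks the concatenated statement is handled correctly by the bound parameter; the allowlist check in front of it only narrows the accepted shape of a username and would not by itself make the concatenated form safe.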

Security Incident Response

We have a dedicated security incident response team and established procedures to quickly address potential security incidents. Our process includes:

  • Incident detection and confirmation
  • Containment and eradication of the threat
  • Recovery of affected systems
  • Post-incident analysis and improvements
  • Timely notification to affected parties when required by law

Security Certifications and Assessments

Our security program undergoes regular independent assessments and audits to ensure compliance with industry standards and best practices. We maintain the following certifications and attestations:

  • SOC 2 Type II
  • ISO 27001
  • GDPR Compliance
  • CCPA Compliance

Security Recommendations for Users

While we implement robust security measures on our end, security is a shared responsibility. We recommend users follow these security practices:

  • Use passkeys wherever possible: there is no password to remember or to phish, and sign-in stays seamless
  • Use strong, UNIQUE passwords for each account
  • Enable multi-factor authentication when available
  • Keep your devices and browsers updated
  • Be cautious of phishing attempts and suspicious links
  • Log out of your account when using shared devices
  • Regularly review your account activity

Reporting Security Issues

If you discover a security vulnerability or have concerns about the security of our platform, please contact our security team immediately at security@fullio.com. We appreciate responsible disclosure and will work with you to address any valid concerns.

Last updated: June 12, 2023