Devsy Host follows layered security and privacy practices to protect customer data across the lifecycle. Key measures include:
- Encryption: Data in transit is protected with TLS/HTTPS. Where applicable, sensitive data can be encrypted at rest using industry-standard algorithms.
- Access Controls: Role-based access to production systems, two-factor authentication for control panels, and strict key management practices.
- Network Protections: Firewalls, DDoS mitigation, and network segmentation to isolate customer workloads and reduce attack surface.
- Monitoring & Logging: Continuous monitoring, intrusion detection, and log aggregation for fast incident detection and response.
- Backups & Recovery: Regular automated backups with configurable retention and tested restore procedures to minimize data loss risk.
- Privacy-by-Design: Data minimization, purpose limitation, and contractual safeguards with subprocessors to protect customer data globally.
If you have specific compliance needs (e.g., PCI, HIPAA, GDPR), Devsy Host can provide information about technical and contractual controls, available add-ons, and data residency options to help meet your obligations.
For incident reporting, the policy section above explains notification procedures; customers with enterprise agreements also receive dedicated incident response contacts.
