SECURITY AT TIPPLE
Safeguarding Your Data and Your Customers’ Privacy: Our Top Priority
Governance and protection
Encryption at rest
All data is encrypted at rest using AES-256, and access to the encryption keys is governed by the principle of least privilege, providing robust protection against unauthorized access to stored information.
Encryption in transit
All data (customer data or otherwise) is encrypted in transit by default using TLS 1.2 or TLS 1.3 between all components. No data is ever sent unencrypted, safeguarding data integrity.
Secret management
Encryption keys are managed via AWS KMS. AWS KMS securely stores key material and prevents direct access by any individuals, including employees of Amazon. The keys stored in HSMs are used for encryption and decryption via Amazon’s KMS APIs. Application secrets are encrypted and stored securely via AWS Secrets Manager, and access to these values is strictly limited.
Penetration testing
Tipple's systems regularly undergo penetration testing by third-party security testing companies. Any findings above low severity are immediately investigated and resolved.
Secure coding
We adhere to secure coding practices by integrating security checks and vulnerability assessments throughout our development process. This proactive approach ensures our code is resilient against threats and aligns with industry standards for security.
Access controls
We implement strict access controls based on the principle of least privilege, ensuring that users and systems have only the permissions necessary to perform their specific tasks. This minimizes the risk of unauthorized access and enhances the security of our platform.