At VerifyContractorLicense, we prioritize protecting your personal information and the integrity of our systems. Below are the security practices we currently follow.
1. Encryption: All data is encrypted in transit using HTTPS (TLS). Sensitive backend data is encrypted at rest using AWS-managed encryption keys.
2. Secure Configuration: Secrets, API keys, and service credentials are securely stored using AWS Systems Manager Parameter Store with encryption enabled.
3. Authentication: We use secure token-based authentication via JWTs with expiration and signature validation. Tokens are verified for issuer, subject, and expiration.
4. Logging: All API calls and server-side application logs are streamed to AWS CloudWatch for monitoring, debugging, and uptime assurance.
5. Infrastructure-as-Code: Our infrastructure is provisioned using automated CloudFormation templates to ensure consistent, repeatable, and auditable deployments.
6. Least Privilege Access: IAM roles and resources follow the principle of least privilege, granting only the minimum permissions required.
7. Ongoing Improvements: Security is continuously reviewed and updated as our platform evolves. As new threats emerge, we adapt and implement protections accordingly.