Your Security Is Our Priority
Our team takes every measure possible to ensure your data is protected and safe.
Twosense is in the process of completing SOC 2 certification.
SOC 2 Type II audit ensures that we conform to the American Institute of Certified Public Accountants (“AICPA”) SOC 2 standard. This audit ensures that our customers’ data is appropriately managed, protected, and secured.
As part of our ongoing commitment to data security, we will continually review how we collect, manage, and secure customer data and obtain periodic SOC 2 Type II reports.
Data Center and Network Security
Twosense hosts all its software in Amazon Web Services (AWS) facilities in the USA. Amazon provides an extensive list of compliance and regulatory assurances, including SOC 1-3 and ISO 27001. See Amazon’s compliance and security documents for more detailed information.
100 percent of Twosense's primary application servers are located within Twosense's virtual private cloud (VPC), protected by restricted security groups allowing only the minimal required communication to and between the servers.
Our applications and services are built with various third-party technologies which are automatically monitored for vulnerabilities and patched promptly when discovered.
Twosense conducts application penetration testing by a third party at least annually in addition to Twosense's continued internal testing and review program.
All connections to Twosense are encrypted using TLS, and any attempt to connect over HTTP is redirected to HTTPS.
All customer data is encrypted at rest and in transit. We rely on AWS infrastructure to securely maintain our cryptographic encryption keys.
We use industry-standard AWS-managed PostgreSQL RDS and Redshift data warehousing systems.
Security and Development Practices
The design of all new product functionality is reviewed for security impact, with Twosense conducting mandatory code reviews for all changes to the code. Twosense development and testing environments are separate from its production environment. All code development is done through a standard process.
Our infrastructure is defined and deployed using infrastructure-as-code tooling including Terraform and Cloudformation, with all changes tracked and reviewed before deployment.
Vulnerability Disclosure Process- Twosense considers privacy and security to be core functions of our platform. Earning and keeping the trust of our customers is our top priority; therefore, we hold ourselves to the highest privacy and security standards. If you have discovered a security or privacy issue you believe we should know about, we would be eager to hear from you.