At Caspio, nothing is considered more important than protecting your data from unauthorized access or loss. We have woven a data-security culture into our DNA. It's manifested in the security features of our platform, the selection of our technology partners and vendors, employee training, company policies, adherence to the latest best practices and developments in the field, and vigorous testing and quality assurance practices that go into every release of our technology.
We realize that we have to work hard to deserve your trust, and we are committed to doing so. The following is an overview of our security measures. Please note that some details have been excluded in order to protect the integrity of these security solutions.
Caspio is using Amazon Web Services (AWS) as its infrastructure provider. AWS has built a reputation for providing some of the most secure and best-run data centers in the world.
These compliances and certifications ensure that AWS adheres to the stringent security standards that meet or exceed the requirements of some of the most sensitive data and applications.
Our servers and firewalls are configured to allow only the absolute minimum level of access. All unnecessary users, protocols and ports are disabled and monitored.
Operating systems and third-party software are kept current with the latest upgrades and patches recommended by their vendors.
Our databases and backups can only be accessed through trusted and secure authentication.
All data maintained in your Caspio account is owned by you. Only a few select, qualified and authorized personnel are allowed access to servers when necessary for system management, maintenance, monitoring, and backups.
We follow rigorous hiring practices and every administrative, IT, support, and sales candidate undergoes a background check.
Our support engineers may only access your account when explicitly authorized by you to resolve problems or issues reported by you or to address issues for which we are contractually authorized.
All account logins are tracked for reference.
The Caspio platform offers an extensive list of features to help you protect and secure your account, data and applications:
Account Authentication - Your account is protected by your Account ID and password. We encourage you to use strong passwords, protect them from others, and change them often. You are advised to only access your account from trusted devices and networks. We do not store sensitive user data in cookies or utilize other high-risk user or session tracking methods.
Data Encryption - When you log into your Caspio account, your session is secured with SSL encryption. When you deploy your DataPages and applications on your website, you have the option of securing them through industry-standard SSL security that we offer to customers at no extra cost. You also have the option of completely blocking non-SSL access to your data and applications.
Web User Authentication - You can apply Web User Authentication to your apps. This capability is a standard Caspio feature and helps you prevent unauthorized users from accessing your apps and data. You can have an unlimited number of authenticated users for your applications.
Data Harvesting Protection - Caspio provides CAPTCHA human verification security that can be added to the search forms of your apps to prevent robots from harvesting your data.
IP Blocking - You also have the option of granting or blocking access to your apps and Data Pages based on IP address. Using this feature, you can limit access to an application to your internal network.
Caspio adheres to strict data privacy standards. We are a licensee of the TRUSTe® Privacy Program and abide by the EU Safe Harbor Framework as outlined by the U.S. Department of Commerce and the European Union.
TRUSTe is an independent organization devoted to building users' trust in the internet by promoting the use of fair information practices. We have elected to disclose our information handling practices and have our practices reviewed for compliance by TRUSTe as a testament of our commitment to your privacy.
Caspio HIPAA Enterprise
Caspio also offers a HIPAA-compliant edition that provides additional security features for handling personal health information (PHI). Caspio HIPAA Enterprise is an entirely separate infrastructure dedicated to ensuring all data and applications are HIPAA-compliant. This edition includes unique capabilities such as data encryption in transit and at rest, audit trail, user management, internal security controls, and more.
Learn more about Caspio HIPAA Enterprise.