At Caspio, nothing is considered more important than protecting your data from unauthorized access or possible data loss. We have woven a data-security culture into our DNA. It's manifested in the security features of our platform, the selection of our technology partners and vendors, employee training, company policies, adherence to the latest best practices and developments in the field, and vigorous testing and quality assurance practices that go into every release of our technology.
We realize that we have to work hard to deserve your trust, and we are committed to doing so. The following is a summary overview of our security measures - please note, that some details have been excluded in order to protect the integrity of these security solutions.
Caspio is using Amazon Web Services (AWS) as its infrastructure provider. AWS has built a reputation for providing some of the most secure and best run data centers in the world. AWS is:
These compliances and certifications ensure that AWS adheres to the stringent security standards that meets or exceeds the requirements of some of the most sensitive data and applications.
Our servers and firewalls are configured to allow only the absolute minimum level of access. All unnecessary users, protocols, and ports are disabled and monitored.
Operating systems and third-party software are kept current with the latest upgrades and patches recommended by their vendors.
Our databases and backups can only be accessed through trusted and secure authentication.
All data maintained in your Caspio account is owned by you. Our employees do not have direct access to the servers, except where necessary for system management, maintenance, monitoring, and backups. Only select, qualified authorized personnel are allowed access to database servers, and only when that access is absolutely necessary.
We follow rigorous hiring practices and background checks for administrative, IT, support, and sales positions.
Our support engineers may only log into your account when explicitly authorized by you, and only to resolve problems or issues reported by you or when contractually authorized. All account logins are tracked for reference, if needed.
The Caspio platform offers an extensive list of features to help you protect and secure your account, data, and applications:
Account Authentication - Your account is protected by your Account ID and password. We encourage you to use strong passwords, protect them from others, and change them often. We do not store sensitive user data in cookies or utilize other high-risk user or session tracking methods.
Data Encryption - When you log into your Caspio account, your session is secured with 128 bit or higher encryption. When you deploy your DataPages and applications on your website, you have the option of securing them through industry-standard SSL security that is offered at no extra cost. You also have the option of completely blocking non-SSL access to your data and applications.
Web Application Password Protection - You can apply Web User Authentication to your apps. This capability is a standard Caspio feature and helps you prevent unauthorized users from accessing your apps and data. You can have an unlimited number of authenticated users for your applications.
Data Harvesting Protection - Caspio provides CAPTCHA human verification security that can be added to the search forms of your apps to prevent robots from harvesting your data.
IP Blocking - You also have the option of granting or blocking access to your apps and Data Pages based on IP address. Using this feature, you can limit access to an application to your internal network.
Caspio also adheres to strict data privacy standards. We are a licensee of the TRUSTe® Privacy Program and abide by the EU Safe Harbor Framework as outlined by the U.S. Department of Commerce and the European Union.
TRUSTe is an independent organization devoted to build users' trust in the internet by promoting the use of fair information practices. We have elected to disclose our information handling practices and have our practices reviewed for compliance by TRUSTe as a testament of our commitment to your privacy.
The flexible architecture and design of Caspio empowers users around the world to create business-critical applications that require the highest level of uptime and performance.
We offer a highly reliable and secure environment by employing the best and the latest technologies in cloud infrastructure including those offered by Amazon Web Services.
The Caspio development team is a group of accomplished engineers who are trained and certified in their respective fields and possess years of industry experience. Caspio is also a certified Microsoft Partner.
We monitor the availability and performance of our services from around the globe through a third-party monitoring service. Any performance below our acceptable range triggers a chain of events that ensure the problem is immediately investigated and properly addressed. The report of our availability and performance is available at http://status.caspio.com and is updated every minute by the monitoring service.
We have engineered a scalable technology that can withstand high levels of traffic. This is proven every day by Caspio-powered apps that are deployed to some of the most trafficked websites around the world for large-scale implementations at Fortune-500 companies, the top American newspaper websites, and large government organizations such as California Department of Health and the United States Postal Service.