Schema App provides two means of data transfer. Initially, the service is configured by either a Business user or by the Schema App Customer Success Manager (CSM) assigned to the account. This user or CSM sets up the configuration in https://app.schemaapp.com which is then exported to an Object Store (S3), and available on our Content Delivery Network. These user sessions are logged into the application with encrypted data in transit (HTTPS) and at rest (Database encryption).
It is important to note that all information stored is publicly available within the content of the website and indexable by search engines.
- Data is kept within AWS. AWS maintains SAS 70 Level 2 certification
- All data is encrypted both during transit, HTTPS SHA-256 with RSA Encryption
- PCI Data Security Standards 3.2.1 Level 1 Service Provider
- Data at rest uses 256-bit length keys and accessed over SSL
- We have automated Veracode dynamic scans of our application
- Principle of Least Privilege is applied, including periodic review of PLP
- Internal policies are in place outlining the safe handling of customer information
- All Schema App employees are required to participate in cybersecurity training courses
The above is by no means an exhaustive list and its intended purpose is to provide a brief overview of some of the security measure Schema App has in place. For more information please contact firstname.lastname@example.org.