Security

We understand how important it is to keep your information safe. Security has been a cornerstone of development since day one, as Stylo’s founders spent their careers in cyber security. We uphold our commitment to the safety of your information through extensive use of policies, controls, and industry experience to ensure your utmost confidence. At a glance:

SOC 2 Type II certified

Annual penetration tests

PII masking

Continuous monitoring

PII Masking

Common types of sensitive information, including banking card numbers, Social Security numbers, passport information, driver's licenses, and more, are automatically removed and masked.

Data center and network security

Stylo services are hosted in GCP (Google Cloud Platform) data centers which meet the following standards for cloud security.

Application Security

Stylo's web applications are built to minimize attack surface and adhere to standards for security, authentication and cryptographically safe exchanges. Any exchange with third parties is done through TLS.

Authentication

Stylo's authentication system uses OAuth with JWTs, making it simple to manage permissions. Additionally, Stylo utilizes verification of shared secrets and IP whitelisting.

Penetration Tests and Vulnerability Scanning

Alongside regular penetration testing, Stylo uses the continuous monitoring solution SecurityScorecard. Stylo strives to maintain a grade of “A” (the highest grade in SecurityScorecard) at all times. In addition, before deploying updates to production, we scan our containers to identify any potential vulnerabilities as part of our pre-deployment process.

Compliance and privacy support

As a data processor, we help our customers maintain compliance with their own regulatory requirements. For GDPR requests, we are able to produce records of stored information and respond to requests for data deletion. Custom data retention policies are available upon request for specific engagements.

System Security

Facilities

Stylo's services are hosted on GCP. Data center facilities maintain physical security, disaster preparedness and redundant power supplies.

Physical Security

GCP maintains a physical security policy permitting access only by authorized individuals.

Monitoring

All production systems are monitored by Stylo and incident detection systems. Interservice communications are traced and monitored for any potentially suspicious activity. Health checks are continuously conducted from the following regions: Asia Pacific, Europe, United States and South America.

Geography

By default, Stylo’s SaaS offering is served from the GCP US-West-1 (Oregon) data center.

Data Security and Privacy

Encryption in Transit

Communications between Stylo and all remote clients and services are encrypted with Transport Layer Security (TLS), in line with industry best practices. We further utilize verification of shared secrets and IP whitelisting.

Encryption at Rest

All customer data is kept in single-tenant data stores. All data within these stores is encrypted at rest.

International Compliance

As a data processor, we look to support our customers in maintaining compliance with their own regulatory requirements. By request, we can produce records of stored information and respond to requests for data deletion.

Security Policies

External Auditing

Stylo engages external security providers to continuously monitor our public-facing attack surface. Additionally, internal penetration tests are run annually. 

DDoS Protection

Stylo’s public IPs are covered by DDoS protection to defend against significant attacks.

Employee Access and Training

All employee access is granted in accordance with the principle of least access. Employees are only able to access information associated with their relevant projects. All staff is trained and made aware of security policies during onboarding.

Security Incident Response

Stylo maintains an up-to-date security incident response policy establishing effective controls to ensure the detection of security vulnerabilities and incidents, as well as quick reactions and responses to security breaches.

Third-Party Services

Stylo performs a risk assessment of all third-party services. For a current list of subprocessors, see here

Full Policy Documentation

Listed above are the security policies our customers most commonly ask about. Full documentation can be produced upon request. 
