We take security extremely seriously. Through rigorous security checks, safe data storage, employee screenings, and compliance with every available regulation, we can ensure the safety, stability, and reliability of our platform. 

Data Storage

Our physical infrastructure is hosted and managed within Microsoft Azure’s secure data centers. Azure continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Azure data center operations have been accredited under SOC 1, SOC 2, SOC3, ISO 27001, ISO 27018, FedRAMP, HITRUST, MTCS, IRAP, and ENS among many others. We use data centers based in France for European Companies and Citizens. We use data centers based in the United States for all other users.

Azure data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state-of-the-art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in continually escorted by authorized staff.

Disaster recovery

Our disaster recovery program ensures that our services remain available or are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment, creating disaster recovery plans, and testing. All our mobile and desktop apps are built to work seamlessly when offline and even if all our services are down, so as a customer you will not see any signs of degraded performance.

Encryption in transit and at rest

1Page supports encryption of customer data in transit and at rest. All communications with 1Page servers are encrypted using industry-standard TLS by default. We have database level, column-level, and row-level encryption for any PII (personally identifiable information) and any sensitive information with org-specific and user-specific encryption keys to ensure complete data confidentiality. Even if our databases get compromised, which is very unlikely because of Azure’s extensively physical and digital security hurdles, data is so encrypted that it can never be decrypted without the right org-specific and user-specific encryption keys. This includes traffic between you and 1Page, between the app with integrations, and temporarily stored data and devices.

Network

Our network is protected by redundant firewalls, best-in-class router technology, secure HTTPS transport over public networks, and regular audits.

Responsible Access

Access to our production network is restricted by an explicit need-to-know basis, utilizes least privilege, is frequently audited and monitored, and is controlled by our Operations Team. Employees accessing the production network are required to use multiple factors of authentication and user/organization consent.

Security Incidents

In case of a system alert, events are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.

Secure Design and Development

We use leading tools and techniques to protect against common security vulnerabilities. These include, but are not limited to, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and SQL Injection.

Technology and Design

We employ a full suite of secure software development activities and controls. This starts with the design of our applications and follows through to implementation, down to individual hardware devices.

API Security and Authentication

1Page’s data access API is TLS-only and you must be a verified user to make API requests. We integrate with your organization-level authentication and authorization protocols to ensure our APIs and any provider integration APIs are accessible with the right access tokens.

Access Privileges and Roles

Access to data within 1Page is governed by role and access rights configured within our organization.