
Security


Effective Date: May 11, 2022

Security: Our Top Priority

Your data is your business, and that makes it our business. Security of your information, files and interactions within our system is a key priority for us, and we are consistently focused on maintaining and improving the reliability of our product and infrastructure.

Data Encryption

Serenity uses an industry-standard Secure Sockets Layer (SSL, SHA-256) connection for all communication between your computer and the Serenity system and for all communication between the different Serenity APIs. In addition, all data stored on Serenity is encrypted at rest.

Physical Security

We outsource the hosting of our product infrastructure to Amazon Web Services (AWS). AWS provides us with high levels of physical and network security and highly scalable cloud storage facilities.

Workstation Security

  • Our employees' workstations are encrypted.

  • We use password managers to ensure long passwords (as long as the services we use allow, up to 100 characters).

  • We enable (and enforce) two-factor authentication for all of the services that provide it.

Infrastructure Security

  • We use multiple AWS accounts to completely separate user identity management, integration, staging and production.

  • Our infrastructure is always installed as code, and we periodically run discrepancy (drift) checks against it.

  • All of our backends are installed inside a VPC (Virtual Private Cloud).

  • All of the application infrastructures are hosted on serverless technologies and are fully managed by AWS.

  • All of the information stored by Serenity is encrypted at rest (AES-256). Sensitive information is encrypted in transit.

  • Access to the infrastructure is done through VPN and SSH connections, and it is allowed only from authorized locations (by IP address).

  • Logs in production are monitored for sensitive information. If sensitive information (keys or passwords) is found, it is deleted from the logs and the affected secret is rotated.

  • Employees’ keys are rotated regularly.

  • Keys and sensitive information are stored in AWS Parameter Store.

Code and Application Security

  • We have automatic checks in our repositories that detect and patch known security vulnerabilities in our dependencies.

  • Each client's data is stored in a separate schema, preventing accidental leakage of IDs between customers.

  • Our queries are parameterized.

  • Access to the code repository is protected by 2FA.

  • All requests to our codebase are made using short-lived temporary keys through an API. Services are separated from one another.

  • IDs are hashed on the way into and out of the application.

  • Access to resources is done through an access control layer within the application.

  • Keys are encrypted using private keys, and they are checked for tampering before being accepted.

  • All end-user authentication to Serenity is done through SSO (single sign-on) with well-known providers (Google, GitHub, Bitbucket and LinkedIn). Serenity does not store any end-user passwords. We use Auth0 for identity management.
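Two of the items above, parameterized queries and identifiers that are checked for tampering before being accepted, are easier to see in code. The following Python example is added here for illustration and is not Serenity's code; the table, the sample rows, the demo HMAC key and the external ID format (numeric id plus an HMAC-SHA256 tag) are all constructed assumptions. It shows the string-concatenated query beside its parameterized form, and an opaque ID that the application rejects if any part of it has been altered.

```python
import hashlib
import hmac
import sqlite3

# Constructed demo key. A real service would load this from a secret store
# (the page names AWS Parameter Store), never from source code.
HMAC_KEY = b"constructed-demo-key-not-for-production"


def build_db() -> sqlite3.Connection:
    """Create an in-memory table with two constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE timesheets (id INTEGER PRIMARY KEY, owner TEXT, hours REAL)"
    )
    conn.executemany(
        "INSERT INTO timesheets (owner, hours) VALUES (?, ?)",
        [("alice@example.com", 7.5), ("bob@example.com", 8.0)],
    )
    return conn


def timesheets_for_owner_unsafe(conn: sqlite3.Connection, owner: str) -> list:
    """The 'before' form: the input is spliced into the SQL text, so it can
    change the query's meaning instead of being treated as a value."""
    sql = "SELECT owner, hours FROM timesheets WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()


def timesheets_for_owner(conn: sqlite3.Connection, owner: str) -> list:
    """Parameterized form: the driver binds the value separately from the
    statement, so the input is never parsed as SQL."""
    return conn.execute(
        "SELECT owner, hours FROM timesheets WHERE owner = ?", (owner,)
    ).fetchall()


def encode_id(internal_id: int) -> str:
    """Hypothetical external identifier: '<id>.<hmac-sha256 tag>'.
    The tag lets the application detect any modification of the id."""
    msg = str(internal_id).encode()
    tag = hmac.new(HMAC_KEY, msg, hashlib.sha256).hexdigest()
    return f"{internal_id}.{tag}"


def decode_id(external_id: str):
    """Return the internal id, or None if the value is malformed or the tag
    does not verify (i.e. the identifier was tampered with)."""
    try:
        raw, tag = external_id.rsplit(".", 1)
        internal_id = int(raw)
    except ValueError:
        return None
    if raw != str(internal_id):  # reject non-canonical forms such as "+42"
        return None
    expected = hmac.new(HMAC_KEY, raw.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(tag, expected):
        return None
    return internal_id


if __name__ == "__main__":
    db = build_db()
    probe = "x' OR '1'='1"  # constructed input that is not a real owner
    print("unsafe  :", timesheets_for_owner_unsafe(db, probe))  # every row
    print("bound   :", timesheets_for_owner(db, probe))         # no rows
    ext = encode_id(42)
    print("round-trip:", decode_id(ext))                        # 42
    altered = "43." + ext.split(".", 1)[1]                      # id changed, tag kept
    print("tampered  :", decode_id(altered))                    # None
```

With the concatenated query the probe string returns every row in the table, while the bound version returns nothing because the same string is matched literally as an owner value. The identifier check follows the same principle the page states for keys: the application verifies integrity before it acts on the value, and a mismatch is rejected rather than silently accepted.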

Personal information

Serenity stores the following personal information:

  • The email address of the person who registered with Serenity. This is used as part of the authentication process.

  • The email addresses of individuals belonging to the organization (when an integration allows for it). These email addresses are used to invite individuals into Serenity to review timesheet accuracy.

  • The first and last names of individuals belonging to the organization, which make it easier to review the information stored in Serenity for accuracy and reporting purposes.

  • User IDs from integrations with project management tools (such as JIRA and Shortcut). This information is used to remove duplicated data from Serenity while syncing data between Serenity and the project management tool.
