Security

How we protect your data and our platform

Our Commitment to Security

At Signals, security is foundational to everything we build. We understand that our customers trust us with sensitive business data and operational workflows. This document outlines the security measures we implement to protect your data and maintain the integrity of our platform.

Infrastructure Security

Cloud Infrastructure

Hosted on industry-leading cloud providers (AWS/Google Cloud) with SOC 2 Type II certification
Geographically distributed data centers for redundancy and disaster recovery
Automated failover and high availability architecture
Regular security patches and updates applied promptly

Network Security

Web Application Firewall (WAF) to protect against common attacks
DDoS protection and mitigation systems
Network segmentation and strict firewall rules
Intrusion detection and prevention systems (IDS/IPS)

Data Security

Encryption

In Transit: All data transmitted using TLS 1.2+ encryption (HTTPS)
At Rest: AES-256 encryption for all stored data
Database: Encrypted database connections and storage
Backups: Encrypted backups stored in separate locations

Data Handling

Secure data retention and deletion policies
Data classification and handling procedures
Regular database backups with point-in-time recovery
Secure data disposal procedures

Authentication & Access Control

User Authentication

Secure password hashing using bcrypt
Optional two-factor authentication (2FA)
Secure session management with automatic timeouts
Account lockout after failed login attempts
Secure password reset flows

API Security

API key authentication with secure key generation
Rate limiting to prevent abuse
API key rotation capabilities
Granular API permissions

Internal Access Controls

Principle of least privilege for all access
Role-based access control (RBAC)
Regular access reviews and audits
Logging of all administrative actions

Monitoring & Incident Response

Continuous Monitoring

24/7 system monitoring and alerting
Security event logging and analysis
Anomaly detection for unusual activity
Uptime monitoring with status page

Incident Response

Documented incident response procedures
Rapid response team for security events
User notification for security incidents affecting their data
Post-incident analysis and remediation

Application Security

Secure Development

Secure coding practices and code reviews
Automated security scanning in CI/CD pipeline
Dependency vulnerability scanning
Regular penetration testing

OWASP Top 10 Protection

We implement protections against common vulnerabilities:

SQL Injection prevention through parameterized queries
Cross-Site Scripting (XSS) protection
Cross-Site Request Forgery (CSRF) tokens
Secure authentication and session management
Input validation and output encoding

Responsible Disclosure

We take security vulnerabilities seriously. If you discover a security issue, we encourage you to report it responsibly.

How to Report

Email: support@gotsignals.com
Include detailed information about the vulnerability
Provide steps to reproduce the issue
Allow reasonable time for us to address the issue before disclosure

Our Commitment

Acknowledge receipt within 24 hours
Provide regular updates on our progress
Credit researchers who report valid vulnerabilities (if desired)
Not pursue legal action against good-faith security research

Note: Please do not test vulnerabilities on production systems without authorization. We can provide a staging environment for security testing upon request.

Compliance & Certifications

We maintain compliance with industry standards and best practices:

GDPR compliant data handling
CCPA compliant privacy practices
Cloud provider SOC 2 Type II certification
Regular third-party security assessments

Security Questions?

For security-related inquiries or to report a vulnerability:

Security: support@gotsignals.com
General: contact@gotsignals.com

← Back to Home