We do not sell personal information of our customers to third parties.
We have a full-time staff focused on privacy and security issues.
alphaX processes user personal data in accordance with GDPR’s data protection principles.
alphaX uses data centers that meet the following certifications:
- PCI-DSS Level 1 Service Provider
- SOC 3 – System and Organization Controls
- NIST 800-53 Revision 4
- ISO 9001 – Global Quality Standard
- ISO 27001 – Security Management Control
- ISO 27017 – Cloud Specific Controls
- ISO 27018 – Personal Data Protection
All alphaX software engineers receive software security training that covers security best practices, including the OWASP Top Ten and mobile security best practices.
All alphaX source code is developed in accordance with a standard SDLC process that includes:
- A software and security code review before being shipped to production.
- Running through a continuous integration test suite.
- Manual QA testing.
A pen test, including static and dynamic code analysis, is regularly performed by a third-party security company.
All web traffic is encrypted by TLS 1.2 or greater.
alphaX follows NIST recommendations for hashing, symmetric and asymmetric encryption.
Memorized secrets are handled in conformance with NIST SP 800-63.
alphaX destroys data in conformance with NIST SP 800-88.
All staff regularly receive security training from trained professionals and must pass security awareness tests.
All staff are regularly subjected to simulated phishing and other social engineering attacks to test their awareness.
All staff must sign off on security and acceptable use policies and procedures.
OWASP Top Ten: https://www.owasp.org/index.php/Top_10_2010-Main
NIST SP 800-63: https://pages.nist.gov/800-63-3/
NIST SP 800-88: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-88r1.pdf