Security is not a feature. It’s our foundation.

Third party audits

In addition to our extensive internal scanning and testing program, we employ third-party security experts to perform penetration tests.

Data encryption in transit and at rest

All web traffic through Persona is encrypted via Hypertext Transfer Protocol Secure (HTTPS) and Transport Layer Security 1.2 (TLS).

Data in the database is encrypted using AES-256 encryption, and decryption keys are stored on separate hosts and rotated on a regular basis.

Secure development

Persona employs coding best practices focused around the OWASP Top Ten. Development, testing, and production environments are separated.

Code changes are peer reviewed and tested prior to deployment into production.

Policies & training

We developed a set of security policies and trainings that are shared with, and made available for all personnel with access to Persona information assets

Logical access

Access to production systems utilizes least privilege based on role, is audited and monitored, requires 2FA via SSH, and a whitelisted IP via VPN.

Continuous, dynamic scanning

Persona maintains a comprehensive vulnerability management program which includes regular scanning, identification, and remediation of security vulnerabilities on infrastructure, endpoints, networks, and applications.

Availability & continuity

Persona maintains a publicly available system-status page which includes performance and incident history.

Persona employs a backup and replication regime to ensure data availability across primary and secondary systems. Our Disaster Recovery program ensures that services remain available or are recoverable in case of disaster.