Security is not a feature. It’s our foundation.

We take the responsibility of helping you manage your customer data seriously. That’s why security and privacy are key focus areas for our organization and product development.

Application Security

We practice security in depth and take comprehensive steps to securely develop and test against threats across a range of vectors.

Third-party audits

In addition to our extensive internal scanning and testing program, we employ third-party security experts to perform penetration tests.

Data encryption in transit and at rest

All web traffic through Persona is encrypted via Hypertext Transfer Protocol Secure (HTTPS) and Transport Layer Security (TLS) 1.2.

Data in the database is encrypted using AES-256 encryption, and decryption keys are stored on separate hosts and rotated on a regular basis.

Secure development

Persona employs coding best practices focused around the OWASP Top Ten. Development, testing, and production environments are separated.

Code changes are peer reviewed and tested prior to deployment into production.

Policies & training

We developed a set of security policies and trainings that are shared with, and made available to, all personnel with access to Persona information assets.

Logical access

Access to production systems follows least privilege based on role, is audited and monitored, and requires 2FA via SSH and a whitelisted IP via VPN.

Continuous, dynamic scanning

Persona maintains a comprehensive vulnerability management program which includes regular scanning, identification, and remediation of security vulnerabilities on infrastructure, endpoints, networks, and applications.

Availability & continuity

Persona maintains a publicly available system-status page which includes performance and incident history.

Persona employs a backup and replication regime to ensure data availability across primary and secondary systems. Our Disaster Recovery program ensures that services remain available or are recoverable in case of disaster.

Certifications and Regulations

Our security and privacy frameworks are based on and aligned with global standards that ensure the highest grade of security is met or exceeded.

Data Privacy

Adhering to regulations is only one component of our commitment to privacy. Our higher order mission is to serve individuals with respect and ensure the right to their unique identity. See our privacy policy for more details.

Data Transfer Practices

We’re certified under the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks for data transfer and storage.

Privacy Policy

Our Privacy Policy honors the GDPR, EU-U.S. and Swiss-U.S. Privacy Shield Frameworks.

Privacy by Design

Your data is yours to own. We never sell user data and allow you to delete it.

Privacy Impact Assessments

We continuously evaluate the impact of our activities on data privacy, collecting only the data we need while protecting it better.