Security Policy

At Sipylus, safeguarding your data is our top priority. We’ve implemented multiple layers of security controls and infrastructure best practices designed to protect your personal information, ensure system integrity, and maintain service reliability.

Data Encryption & Transit Security

  • All data exchanged between clients and our servers is encrypted using industry-standard TLS (HTTPS).
  • At-rest sensitive data, including backups and archival storage, is encrypted with strong encryption algorithms.
  • Encryption keys are managed securely and rotated on a regular basis.

Access Control & Identity Management

  • Access to production systems is strictly restricted to authorized personnel.
  • Multi-factor authentication (MFA) is required for all administrative access.
  • We follow the principle of least privilege—users and services receive only the access they need.

Infrastructure Hardening & Configuration Management

  • All servers are hardened in accordance with security best practices and regularly audited.
  • Infrastructure as Code (IaC) tools ensure configurations remain consistent and verifiable.
  • Security patches and OS updates are applied promptly across all systems.

Monitoring, Detection & Incident Response

  • We monitor our networks and systems continuously using security information and event management (SIEM) systems.
  • Anomalies and potential threats are flagged and investigated by our security team in real time.
  • We maintain an incident response plan, and execute drills to ensure preparedness against security events.

Third-Party Risk Management

  • Vendors are vetted for security posture and contractual compliance before integration.
  • We perform regular security assessments and insist on secure configurations and practices.

Data Backups & Disaster Recovery

  • Regular, encrypted backups are performed for critical systems and data.
  • Our disaster recovery plan ensures we can recover service quickly and reliably.

Employee Training & Security Culture

  • We conduct regular security awareness training for all employees.
  • Security best practices are embedded in our culture—security isn’t just IT’s job, it’s everyone’s job.

Continuous Improvement

We regularly review and enhance our security controls in response to emerging threats, new technologies, and feedback from internal and external reviews.

Updated by The Sipylus Legal Team on January 1, 2016.