Security

42Layers takes security very seriously and is committed to keeping your data safe. Here you will find everything you need to know about all the practices we follow to keep your information safe. Contact security@42Layers.io if you have any questions or comments.

Solution Infrastructure

  • Our infrastructure is developed primarily in the Rust Programming Language. This provides memory safety (like Java) while providing the performance of C/C++. Given that our infrastructure packs and unpacks customer data, this provides a foundational level of security against security issues like buffer overflows
  • High-risk data transformations are done inside Web Assembly sandboxes to provide additional security

Identity & Access Control

  • Access to 42Layers production infrastructure is protected by MFA (multi-factor authentication) with physical security keys
  • Customers are encouraged to use industry leading identity providers or their own enterprise Active Directory infrastructure to authenticate with 42Layers

Auditability

  • All actions within our infrastructure are audible
  • All dataflows are auditable on a per-message basis

Confidentiality

  • Encryption-at-rest: Data is encrypted at rest all the times.
  • Encryption-in-transit:
    • All communication over HTTPS is encrypted using TLS.
    • FTP communication defaults to SFTP unless disabled by customers

Permissions

  • Only users of your organization registered with 42Layers and 42Layers operations staff have access to your account.
  • Your account provides visibility into the status of each dataflow, connector, and, upload button; and the ability to pause or delete the integration connection

Data Protection

  • 42Layers, in its potential role as data subprocessor, adheres to the principles of the General Data Protection Regulation (EU) 2016/679 of the European Parliament privacy rules.
  • Please contact us for our Data Protection Agreement

Company Access Policies

  • Access to all infrastructure is controlled via 2 Factor Authentication with physical keys where possible
  • All deployments, including test infrastructure use the same encryption policies as production services
  • We maintain state-of-the-art Continuous Integration/Continuous Deployment infrastructure enabling fast development times for customer feature delivery and security updates
  • We employ industry standard code analysis, vulnerability scanning and runtime monitoring

In the event of a data breach

  • To date, 42Layers has not experienced a breach in security of any kind. In the event of such an occurrence, 42Layers protocol is to make customers aware as soon as the compromise is confirmed.

Questions? Concerns?

We're always happy to help with any other questions you might have! Send us an email at security@42Layers.io

Report a breach

Send us an email at security@42Layers.io