Below you'll find a high-level overview of the processes, procedures, and other technologies we've put in place to ensure the security of our platform.
By default all communications with the Sublime Service are encrypted using industry-standard communication encryption technology. Sublime currently uses Transport Layer Security (TLS), with regular updates to ciphersuites and configurations.
All user data is encrypted at rest.
We monitor the changing cryptographic landscape closely and work promptly to upgrade the service to respond to new cryptographic weaknesses as they are discovered and implement best practices as they evolve.
All of our services run in the cloud and are built on Amazon Web Services (AWS). AWS is GDPR-ready, ISO/IEC 27001, SOC 2, and PCI DSS compliant.
You can read the compliance documentation for AWS here.
Sublime regularly updates network architecture schema and maintains an understanding of the data flows between its systems. Firewall rules and access restrictions are reviewed for appropriateness on a regular basis.
Access to user data stored on the Sublime Service is restricted within Sublime to employees and contractors who have a need to know this information to perform their job function, for example, to provide user support, to maintain infrastructure, or for product enhancements.
Sublime currently requires the use of single sign-on, strong passwords, and non-SMS two-factor authentication for all employees to access production servers for the Sublime Service.
The software we develop for the Sublime Service is continually monitored and tested using a process designed to proactively identify and remediate vulnerabilities. We regularly conduct:
Sublime conducts mandatory background checks on all employees and contractors before employment, and employees receive privacy and security training during onboarding as well as on an ongoing basis.
Employees and contractors sign agreements that require them to protect the security and confidentiality of any sensitive information they access.