Your Security Is Our Priority
Our team takes every measure possible to ensure your data is protected and safe.
Twosense is SOC 2 Type II Compliant
This achievement indicates that our handling and processing of customers’ data meets key security standards. The protection of customer data is the highest priority for our team, and we’re committed to building a robust security & compliance program.
Data Center and Network Security
Twosense hosts all its software in Amazon Web Services (AWS) facilities in the USA. Amazon provides an extensive list of compliance and regulatory assurances, including SOC 1-3 and ISO 27001. See Amazon’s compliance and security documents for more detailed information.
100 percent of Twosense's primary application servers are located within Twosense's virtual private cloud (VPC), protected by restricted security groups allowing only the minimal required communication to and between the servers.
Application Security
Our applications and services are built with various third-party technologies which are automatically monitored for vulnerabilities and patched promptly when discovered.
A third party conducts application penetration testing for Twosense at least annually, in addition to Twosense's continued internal testing and review program.
Data Security
All connections to Twosense are encrypted using TLS, and any attempt to connect over HTTP is redirected to HTTPS.
All customer data is encrypted at rest and in transit. We rely on AWS infrastructure to securely maintain our cryptographic encryption keys.
We use industry-standard AWS-managed PostgreSQL RDS and Redshift data warehousing systems.
Security and Development Practices
The design of all new product functionality is reviewed for security impact, with Twosense conducting mandatory code reviews for all changes to the code. Twosense development and testing environments are separate from its production environment. All code development is done through a standard process.
Our infrastructure is defined and deployed using infrastructure-as-code tooling, including Terraform and CloudFormation, with all changes tracked and reviewed before deployment.
Vulnerability Disclosure Process
At Twosense, we prioritize the security of our systems and the protection of our customers’ data. To ensure that security vulnerabilities are handled effectively and responsibly, we have established the following responsible disclosure policy:
- Non-Disruption of Services: Researchers must not conduct tests that can affect our production systems or disrupt services to our customers. This includes avoiding any actions that could cause degradation of services or data loss.
- Prohibited Use of Automatic Scanners: The use of automated network scanning tools to identify vulnerabilities is strictly prohibited. Such tools often create a significant volume of traffic that could negatively impact our services and our customers.
- Confidentiality of Disclosure: Any security vulnerabilities discovered must not be disclosed publicly or to any third parties until they have been confirmed and addressed by our security team. Public disclosure of vulnerabilities before resolution is strictly against our policy and could result in legal action.
- Submission of Proof-of-Concept: When reporting a vulnerability, please provide a detailed proof-of-concept. This will assist our security team in quickly verifying the issue and expedite the process of implementing a fix or mitigation.
- Reporting Channel: Please submit your findings via email to security@twosense.ai. Include all relevant information that would help us in replicating and addressing the vulnerability in a timely and efficient manner.
- Response Commitment: Once an issue has been reported, you will receive a response within 2 business days with an update.