Security Practices and Procedures at SALT

Security here at SALT is not taken lightly. Below, we'll outline both the physical and technical procedures we use to ensure your data is kept safe.

Technical Security and Encryption

Whenever your data is in transit between you and us, everything is sent encrypted over HTTPS, and our databases utilize encryption at rest. We limit brute-force attacks with rate limiting. All passwords are filtered from all our logs and are one-way hashed using industry-standard bcrypt.

Security Through Coding Practices

We hire the best developers we can find. Since so many security exploits take advantage of coding errors, part of security is having well-tested, well-reviewed code. At SALT, code changes are reviewed by teammates, run against an automated testing framework, and in most cases, manually QA'd. By the time new code is running on our production environments, it has had lots of eyeballs on it. Developing this way means that it takes more time to get things done, but it also means that fewer mistakes get by.

Data Durability and Recovery

We employ a multilayered backup strategy that is designed to be resilient to hardware failure, regional disasters, and malicious acts. Both point-in-time backups and daily snapshots are available for use in recovery.

Physical Security

All of your data is stored in US-based AWS data centers, which use industry-leading practices in physical security, redundancy, and availability. You can learn more about Amazon's data centers here.

Local Equipment Security

SALT is a remote-first company. We employ people in 6 cities across 4 states. This means we have company devices and hardware in multiple locations. In the event of a break-in, we might lose some expensive monitors or computing hardware, but since our application and data servers don't reside in any employee-run buildings, they aren't vulnerable to smash-and-grab robberies. Further, every employee device is password protected, encrypted, and managed by remote management software. At any time we can lock or even remotely wipe the device. In the course of conducting customer support, employees access customer data using an encrypted connection and must invoke a logged, time-based connection.

Personnel Security

SALT is a small company, so thankfully we are able to hire some brilliant people who care about its success. Our employee turnover is extremely low (especially for the tech industry). To protect company data, including customer data, all employees sign a non-disclosure agreement when hired.

Security Culture

Lastly, a word about the culture here in general. Internally, we deploy two-factor authentication across all external vendors and services. We utilize 1Password for completely random passwords of 20+ characters across all employee logins. We're a "techy team" who is trying to bring a new standard of security to the insure-tech industry.


