We have put in place a variety of measures to ensure that your data is protected, secure and private.
Needl is ISO 27001 and SOC 2 Type 1 certified and also follows all AWS recommended best practices. Needl constantly updates its infrastructure and acquires certifications that ensure user data privacy and security.
Needl uses OAuth 2.0 protocol (token-based authentication) to connect to third-party data providers such as Google Drive, Evernote, OneNote, OneDrive, Twitter, Gmail and many others. We will never ask for your credentials to these services and will securely store the authentication token that is generated by the service when you authorize our access.
Needl is ISO/IEC 27001: 2013 certified. This essentially means that the information security management system (ISMS) of Needl addresses and covers the protection of all data and its related information security aspects.
SOC stands for system and organizational controls. This certification provides customers the assurance that Needl’s system requirements and service commitments are achieved based on the trust service criteria relevant to security, availability, confidentiality, privacy and processing integrity, outlined in TSP section 100, 2017 trust service criteria for security, availability, confidentiality, privacy and processing integrity (AICPA, trust service criteria).
Needl’s security program is enhanced with additional operational and security controls by using established public cloud hosting providers.
Needl adheres to industry-wide best practices to code and develop its software application, thus ensuring hack-proof code quality. Needl regularly screens its application for software threats and vulnerabilities.
Best security practices are an integral part of Needl and are communicated and followed throughout the organization. All applications, systems and networks, primary and ancillary, are configured and monitored using these security practices.
Needl monitors its corporate facilities and ensures that the physical offices and Needl’s infrastructure and hardware are state of the art and protected.
Needl’s infrastructure is designed to have physical access and logical access controls. Needl uses AWS, a sub-service organization, to manage the physical access to its resources. Logical access control is managed by Needl.
When a user clicks on specific documents or images to view the data, Needl first verifies that the user has access to the content and then returns a signed URL. This signed URL is valid only for a limited duration. When Needl’s data store receives the URL, it verifies that the URL comes from a legitimate user and has not been tampered with.
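As an added illustration (not Needl’s code; the secret, base URL, object key and user ids are constructed), the check described above can be built as an HMAC over the object key, the user id and an expiry timestamp: any change to the URL breaks the signature, a leaked URL fails for another user, and the link stops working after the time limit.

```python
import hashlib
import hmac
import time
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical server-side signing secret; in practice this lives in a KMS-backed secret store.
SECRET_KEY = b"constructed-demo-secret-do-not-use"


def sign_url(base_url, object_key, user_id, ttl_seconds, now=None):
    """Return a URL granting `user_id` access to `object_key` for `ttl_seconds`."""
    expires = int(now if now is not None else time.time()) + ttl_seconds
    message = f"{object_key}|{user_id}|{expires}".encode()
    sig = hmac.new(SECRET_KEY, message, hashlib.sha256).hexdigest()
    query = urlencode({"key": object_key, "uid": user_id, "exp": expires, "sig": sig})
    return f"{base_url}?{query}"


def verify_url(url, requesting_user, now=None):
    """Return (ok, detail). Rejects malformed, expired, tampered or wrong-user URLs."""
    params = parse_qs(urlparse(url).query)
    try:
        object_key = params["key"][0]
        uid = params["uid"][0]
        expires = int(params["exp"][0])
        sig = params["sig"][0]
    except (KeyError, ValueError):
        return False, "malformed"
    now = int(now if now is not None else time.time())
    if now > expires:
        return False, "expired"
    message = f"{object_key}|{uid}|{expires}".encode()
    expected = hmac.new(SECRET_KEY, message, hashlib.sha256).hexdigest()
    # Constant-time comparison so the signature check does not leak timing information.
    if not hmac.compare_digest(expected, sig):
        return False, "tampered"
    # The user id is part of the signed message, so a URL leaked to another user is refused.
    if uid != requesting_user:
        return False, "wrong user"
    return True, object_key
```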
Needl’s user login and password information is stored on AWS’s Cognito Service which is secure and is compliant with SOC2 and ISO 27001 standards.
For more details visit: ( https://aws.amazon.com/cognito/details ).
In addition, every data access request made to Needl is authorized via AWS Cognito. This means that only the authenticated users can view or retrieve their data.
Needl uses the OAuth 2.0 authentication standard ( https://oauth.net/2/ ) to sync applications wherever possible. Needl does not store login credentials and passwords for any application, and instead uses a secure, encrypted database to store the access and refresh tokens. The user has the right to revoke Needl’s access to any application at any time. For applications like WhatsApp, Needl requests a two-factor consent from the user which includes an OTP and a QR code scan. The resulting session cookies are stored in a secure, encrypted form in Needl’s data stores.
All our data in Amazon is stored using Amazon’s AWS Key Management Service (KMS). This service encrypts data with 256-bit keys, both for our S3 data stores and for our search index. This ensures that only authenticated users can access their data.
AWS KMS provides server-side encryption for data at rest. Server-side encryption is the encryption of data at its destination by the application or service that receives it.
TLS Encryption
All data that is transmitted from within our servers to your browser has TLS encryption and is secure.
We host the Needl application on proven public clouds, which means that as a Needl customer, you will inherit the robust standards of cloud security maintained by our cloud partners. Currently, Needl uses AWS and Google Cloud as partners and builds on top of it to maintain the highest and best security practices.
Public cloud data centers have multiple physical and environmental controls in place in their facilities to protect customer data from theft and loss. Needl’s application is managed in such data centers to take advantage of their security features.
Needl has applied the best practices for its security architecture. API Gateway to the Needl application provides a single point to filter attacks and secure authentication via AWS Cognito.
Needl-hosted customer servers use a cloud-based distributed backup framework to provide redundancy.
The Needl application is designed in a way that it can be hosted by various public cloud data centers across the globe and is not limited to AWS and Google Cloud.
Needl’s customer data requires various levels of approval and authentication before it can be accessed.
Needl regularly scans its front-end application and back-end infrastructure to check for known security threats and vulnerabilities.
Needl stores the logs from its production and corporate environments in a central location. This is monitored and alerts are triggered if a possible security threat is detected.
The collected logs and all network activity are checked against commercial threat intelligence feeds for potential risks.
Any irregular or unusual activity is flagged and triggers an alarm. An example of this could be an unexpected authentication activity.
Needl uses AES encryption to secure its locally stored data such as sensitive application data, database connection configurations and cached query data.
Needl does not have access to user passwords. Usernames and passwords are secured using AWS Cognito which is a cloud-based user account control service.
Data in transit is encrypted and secured from the user's browser to the application via TLS 1.3. This is the latest version of the TLS protocol and is designed to facilitate data security and privacy for communications over the internet.
Needl follows a standardized, documented SDLC process to develop its code. The process contains listed guidelines on code testing and review before it can be moved to the production phase. This ensures that all developers are on the same page and the quality of code is maintained.
Peer review is a software quality assurance activity that helps maintain consistency in the design of the software. All code written for the Needl application is reviewed before it is committed to the master branch. Functional and unit tests are performed using automated tools as part of the quality assurance process.
Software Developers have regular training on secure coding practices that Needl implements.
The automated code quality tests that Needl conducts specifically target areas such as injection flaws, input validation and CSRF token usage to ensure that no vulnerabilities are detected in the code.
Needl performs regular third-party penetration tests, also known as “pen tests”, against the Needl application and its hosted environment. These tests evaluate the system and identify both its strengths and weaknesses.
Needl provides SAML-based single sign-on for users. This has significant advantages over using a username and password. It also offers support for SSO solutions from Google Apps, OneLogin and other SAML identity providers.
Needl is connected with the security community at large and runs a responsible disclosure program to facilitate security vulnerability reporting.
All third-party service providers associated with Needl go through an annual security review.
Needl has established a dedicated information security function responsible for security and data compliance across the organization. This initiative is led by the Chief Security Officer (CSO).
The various security policies and procedures implemented at Needl are strictly adhered to and the security culture and responsibility is communicated clearly to all its employees.
A background check is conducted before hiring an employee or signing with contractors. All individuals or vendors associated with Needl are expected to sign confidentiality agreements.
All new hires have to complete mandatory security training as part of their initial induction and training with Needl. Employees receive routine security awareness training to keep up with changes and updates. Measures are taken to confirm employee adherence to company security policies. Needl employees are constantly made aware of security best practices through informal and formal communications.
The Vendor Management Program run by Needl ensures that all third parties associated with Needl are compliant with an expected level of security controls.
Needl maintains a strong Security Risk Management Program. The CSO of Needl chairs the Security Steering Committee periodically.
Needl has a Security and Operations team available 24/7 to respond immediately to security alerts and events.
In case of a security breach, Needl maintains and adheres to the documented Incident Response Plan.
Training is provided to all Needl employees on Security Incident Response Processes, including the correct communication channels to report or escalate any security incident.
Needl's security practices ensure that the use of data is transparent, safe, and respectful.
Needl's compliance team performs regular assessments to check that the controls are designed and operating correctly and that identified risks are mitigated appropriately.
Please read our Privacy policy for more details.