Stomio is engineered for security and committed to information protection.
Certified by leading third-party cybersecurity auditors.
Both idle and active data is encrypted over public/internal networks and in our databases.
Our databases are built with multi-layer security including encrypted passwords and strict firewall settings.
Our integrations are authorized securely with OAuth2 and user credentials are not stored for those services.
Annual penetration tests are performed by a certified third party consultant.
Regular data backup over multiple regions with a maximum of 24-hour RTP and RPO.
Infrastructure is managed as code with changes going through peer reviews and approvals. We have completely isolated environments for development, staging and production.
Employees’ computers are monitored using third party agent with strong passwords, encrypted disks and antivirus. Access to tools and data is strictly restricted and managed by role.
Web application Firewall is enabled on all public endpoints.