We hold the privacy of your data as a first principle. We are a subscription based business and
we do not leak or sell your data to generate revenue. Needl is the product, not you! To ensure
this, we have put in place strong authentication and access control, security best practices and
data governance, to ensure that your privacy is protected.
Authentication and Access Control
When you click on specific documents or images to view the
return “signed urls” to
you. We first verify that you have access to the content and return a signed URL. The signed
is valid for a limited duration. When the URL is sent to our data store, we verify that the
has not been tampered with and is coming from a legitimate user.
Your needl login and password information is stored on AWS’s Cognito service which is secure
and supports compliance for a variety of standards, SOC2, ISO 27001 etc
). Further beyond, every
data access request you
needl services is authorized via aws cognito. This means that no one other than you gets to
retrieve and view your data
Integrations with other Applications
Wherever possible, we use the OAUTH2.0 (https://oauth.net/2/
authentication standard to
authorize needl to sync your applications. This means we do not store any login credentials
passwords for any of these applications. We store the access and refresh tokens for these
applications in a secure database which is encrypted. You always have the right to revoke
for needl to sync with these applications. For applications like Whatsapp, we get explicit
factor consent from the user (OTP plus QR code scan). The resultant session cookies are
in a secure and encrypted form in our data stores.
AWS Best Practices
We host your data on Amazon Web Services (AWS). AWS is AICPA
SOC2 certified. Furthermore, we have implemented AWS Best Practices to ensure that all your
data is secure
AWS KMS Encryption
All your data in Amazon is stored using Amazon’s AWS Key
Management Service, which uses 256 bit key length encryption, both in our s3 data stores
in our search index. Which means only you can access your data.
We use AWS KMS service which is a server side encryption for data at rest. Server-side
encryption is the encryption of data at its destination by the application or service
that receives it.
All data that is transmitted within our servers and to your
browser has TLS encryption and is secure.
We have already put in place several data governance practices to ensure that your data is
secure, private and also employees have limited access. We are in the process of obtaining ISO
27001 (https://www.iso.org/isoiec-27001-information-security.html) certification and AICPA SOC2