Trust Matters

We are committed to making your organization and ours as secure as possible

Our values

We value three things central to every product decision we make

Privacy

At Secuna, your data is your data. It is also fully encrypted and definitely is NOT monetized.

Security

We make sure that our operations and efforts are designed with security in mind.

Performance

Addressing ISO standards, we are recognized as a top Cybersecurity Assessment Provider.

Our Privacy Principles

Security is the ultimate sophistication

Your data is fully encrypted

All your data is encrypted in transit and at rest, using only industry-accepted software, standards and best practices for data handling and security.

Your data is kept private

It’s our responsibility to be transparent about the data we collect. Our privacy policy’s overarching tenet is that your data will always be your data.

Your data is not monetized

Our business model is based on providing management services and selling our secure platform, not data; we don't monetize customer data in any way.

Data Protection Officer

Secuna has appointed a Data Protection Officer (DPO) as the cross-functional company advocate for security and data privacy. Our DPO is a licensed lawyer with substantial depth of expertise and experience in compliance-related matters.

Data Privacy Act of 2012

Secuna has an internal, cross-functional team to ensure that it adheres to the Data Privacy Act of 2012 of the National Privacy Commission. We handle all user data securely, making sure we remain compliant with privacy laws and regulations.

Our Commitment to Security

We take security to heart

Our operations are designed with security in mind, from handling critical data contained within vulnerability reports to code deployment, patch management, and best practices in operational security.

Improving Our Own Security

Engineering and Product Team

We have first-class engineers and product designers who also have extensive experience in cybersecurity.

Software Development

We follow the secure SDLC process, from quality assurance, code review, and architecture analysis to penetration testing.

Security Awareness and Training

Our employees attend security awareness training to gain knowledge and help prevent common security mistakes.

Security Program

We actively run our own Bug Bounty Program on our platform to securely receive and act on potential security vulnerabilities.

Employee Vetting

We perform extensive background checks on all employees before hiring. It includes employment verification and criminal checks.

Improving Application Security

Security Headers

We implemented strict security headers to effectively prevent and neutralize attacks.

Communications Security

We encrypt all network communications between our server and clients with SSL/TLS, using Perfect Forward Secrecy (PFS) and HTTP Strict Transport Security (HSTS).

Password Security and Encryption

We store passwords through Auth0, a secure authentication-and-authorization-as-a-service platform.

Strict Password Requirements

We require all of our users to use a password with a minimum of 12 characters in length and a combination of numbers, special characters, and lowercase and uppercase letters.

Authentication

We require all users to set up their MFA when signing up. We use Auth0's Multi-Factor Authentication.

Web App Firewall

We leverage Cloudflare to complement the resilience of our infrastructure.

Payment Security

We don't store credit card information on our servers. We use a PCI-DSS certified provider.

Improving Infrastructure Security

Infrastructure

All our infrastructure is hosted on Amazon Web Services (AWS) in SOC 1, 2, and 3 and ISO 27001 certified datacenters.

Database & Backups

Secuna Database & Backups are hosted in Amazon Web Services (AWS) and are maintained in encrypted form only.

Storage Security

We store files submitted on our platform (such as videos, files, and images) in AWS S3, encrypted at rest, and served from a sandboxed domain, protecting against Same-origin Policy attacks.

Our Compliance Standards

We follow industry-standard compliance certifications

ISO 29147

ISO/IEC 29147:2018 provides requirements and recommendations to our customers on the disclosure of vulnerabilities in products and services.

ISO 30111

ISO/IEC 30111:2019 provides requirements and recommendations for how to process and remediate potential reported vulnerabilities in a product or service.

DICT Recognition

The Department of Information and Communications Technology (DICT) recognizes Secuna as one of the Top Cybersecurity Assessment Providers.

PCI

The PCI Security Standards Council helps develop and implement security standards for account data protection. We do not store, process, and/or transmit cardholder data, and instead use CyberSource, a third-party processor certified as a PCI Level 1 service provider. See how CyberSource protects credit card data.

Let's talk

Still Have Questions?

We work continuously to improve our services. If you have any questions or comments, feel free to send us a message at [email protected].