Security
Security & Data Protection
How we protect your financial data with enterprise-grade security
Last updated: January 1, 2025
Last updated: January 1, 2025
Bank-Level Encryption
AES-256 encryption for all data
Secure Servers
SOC 2 compliant data centers
Regular Audits
Independently verified security
1. Data Encryption
In Transit
- • TLS 1.3 for all web communications
- • Perfect Forward Secrecy (PFS)
- • HSTS and certificate pinning
- • Encrypted API communications
At Rest
- • AES-256 encryption for all stored data
- • Encrypted database backups
- • Secure key management system
- • Regular key rotation
2. Infrastructure Security
Our infrastructure is built on industry-leading cloud providers with enterprise-grade security:
- • SOC 2 Type II certified data centers
- • ISO 27001 compliant operations
- • 24/7 security monitoring and logging
- • DDoS protection and rate limiting
- • Automated intrusion detection
- • Regular penetration testing
3. Access Controls
We implement strict access controls to protect your data:
- • Two-factor authentication (2FA) available for all accounts
- • Role-based access control (RBAC)
- • IP whitelisting options
- • Session management and timeout controls
- • Audit logging of all access attempts
- • Password complexity requirements
4. Application Security
Our development practices prioritize security at every level:
- • Regular security audits and code reviews
- • OWASP Top 10 vulnerability protection
- • SQL injection and XSS prevention
- • CSRF token validation
- • Input validation and sanitization
- • Dependency vulnerability scanning
5. Backup & Recovery
We maintain comprehensive backup and disaster recovery systems:
- • Automated daily backups
- • Encrypted backup storage
- • Geographic redundancy across multiple data centers
- • Regular backup testing and restoration drills
- • Point-in-time recovery capability
- • 99.9% uptime SLA
6. Compliance & Certifications
Indiebooks complies with industry standards and regulations:
- • SOC 2 Type II certification
- • PIPEDA compliance (Canada)
- • GDPR compliance (for international users)
- • PCI DSS standards for payment processing
- • Regular third-party security assessments
7. Employee Security
Our team follows strict security protocols:
- • Background checks for all employees
- • Regular security training and awareness programs
- • Principle of least privilege access
- • Secure development lifecycle practices
- • NDA and confidentiality agreements
- • Immediate access revocation upon termination
8. Incident Response
We have a comprehensive incident response plan:
- • 24/7 security monitoring and alerting
- • Dedicated incident response team
- • Clear escalation procedures
- • User notification protocols
- • Post-incident analysis and remediation
- • Transparent communication with affected users
To report a security issue: security@indiebooks.io
Report a Security Issue
If you discover a security vulnerability, please report it responsibly to our security team.
Email: security@indiebooks.io
Your data is safe with us
Enterprise-grade security that protects your business. Questions? We're here to help.
Contact us