Optimal Dynamics encrypts data at rest and in transit for all of our customers. We use tools like Amazon Web Service’s Key Management System (KMS) to manage encryption keys using hardware security modules for maximum security in line with industry best practices.
Optimal Dynamics regularly engages with security experts for third-party penetration tests. Our penetration testers evaluate the running application, and the deployed environment.
Optimal Dynamics also uses high-quality static analysis tooling to secure our product at every step of the development process.
Optimal Dynamics uses Amazon Web Services to host our application. We make full use of the security products embedded within the AWS ecosystem, including KMS, GuardDuty, and Inspector.
All servers that run Optimal Dynamics software in production are recent, continuously patched Linux systems. Additional hosted services that we utilize, such as AWS Storage, are comprehensively hardened AWS infrastructure-as-a-service (IaaS) platforms.
Our web servers encrypt data in transit using the strongest grade of HTTPS security (TLS 1.2+) so that requests are protected from eavesdroppers and man-in-the-middle attacks. Our SSL certificates are 2048 bit RSA, signed with SHA256.
Internal tier-to-tier requests are signed and authenticated to prevent request forgery, tampering, and replay.
All persistent data is encrypted at rest using the AES-256 standards or similarly high standards.
Optimal Dynamics employee computers have strong passwords, encrypted disks, and firewalls.
All changes to source code destined for production systems are subject to pre-commit code review by a qualified engineering peer that includes security, performance, and potential-for-abuse analysis.
Prior to updating production services, all contributors to the updated software version are required to approve that their changes are working as intended on staging servers.
Optimal Dynamics infrastructure utilizes multiple and layered techniques for increasingly reliable uptime, including the use of autoscaling, load balancing, task queues and rolling deployments. Currently we also make point-in-time backups, making unintentional loss of received data due to hardware failures very unlikely.
If you have any questions, please reach out to firstname.lastname@example.org.