Sortly Security & Compliance

How does Sortly protect my data in the cloud?

Sortly uses industry-standard security practices to safeguard your data, which is stored in the cloud and monitored by our team. Below, we answer key questions about our cloud hosting and security practices:


Cloud Hosting Provider

Sortly uses Amazon Web Services (AWS) for cloud hosting.

Data Location

Our cloud services, including backups, are hosted in the US-West-2 (Oregon) AWS region.

Certifications

Sortly does not hold any certifications at this time.

Data Encryption

  • In transit: We use SHA-256 with RSA.
  • At rest: Data is secured with AES-256 encryption.

Data Ownership

All data belongs to the customer. You can export your company’s data at any time. Upon request, we will permanently delete all data from Sortly’s servers.

Authentication Methods

Our application uses OAuth2 for login and API authentication. Customers on the Enterprise Plan can set up Single Sign-On (SSO) with either OAuth2 or SAML v2.

Two-Factor Authentication (2FA)

Sortly does not support 2FA internally. However, customers on the Enterprise Plan can enable 2FA via their external identity provider.

Intrusion Detection/Prevention Systems

Sortly does not currently use automated intrusion detection or prevention systems.

Administrative Access

Only authorized employees of Sortly, Inc. have administrative access to the platform.

Ownership & Retrieval Rights

Customers retain full ownership of their content. Sortly will not use or access your data without explicit permission.

Antivirus Protection

Antivirus protection is provided through the AWS EC2 instances that host Sortly.

Privacy Policy

You can view our privacy policy here: Sortly Privacy Policy.

Breach Management

We have internal protocols for immediate communication and a plan for maintaining system integrity in the event of a breach.

Business Continuity Plan

Sortly does not have a formal Business Continuity Plan at this time.

Data Backup

We back up your data daily, and backups are stored for 35 days.

Import/Export Procedures

Sortly provides an in-app import/export feature, and an API is available for data migration.

Third-Party Penetration Testing

We have not yet conducted independent third-party penetration testing.

Malware Protection

Sortly regularly scans all service images and uses a limited AWS VPC. REST endpoints are throttled and monitored for suspicious activity.

Software Updates

We release software updates weekly, with hotfixes applied as necessary. Our stack and libraries are routinely updated for security.

Data Recovery

Daily backups ensure data recovery in case of a disaster. Backup data is stored for 35 days.

Redundancy Measures

Our database is replicated across three instances to ensure data reliability and continuity.

User Roles

Sortly defines three user roles:

  • Owner: Full access, including settings and billing.
  • Admin: Full access except for user management and billing.
  • Team Member: Can be assigned read-only or edit access to specific item groups.

Activity Logging

We log server and client operations for 30 days via DataDog for monitoring and debugging. Company transactions are stored and available through the Activity History report.

Personal Data Archiving

Personal data resides solely in our relational database and in our Elasticsearch instance, which is used for search. Outside those stores, it is included only in backups; it does not appear in logs, which use IDs instead of personally identifiable information.

Data Availability

Customers can access and export all their company’s data in CSV, XLS, or PDF formats at any time.

Test and Development Data

We do not use customer data in our test or development environments.


For any technical questions not covered here, feel free to reach out to our Support Team.
