How does Sortly protect my data in the cloud?
Sortly uses industry-standard security practices to safeguard your data, which is stored in the cloud and monitored by our team. Below, we answer key questions about our cloud hosting and security practices:
Cloud Hosting Provider
Sortly uses Amazon Web Services (AWS) for cloud hosting.
Data Location
Our cloud services, including backups, are hosted in the US-West-2 (Oregon) AWS region.
Certifications
Sortly does not hold any certifications at this time.
Data Encryption
- In transit: We use SHA-256 with RSA.
- At rest: Data is secured with AES-256 encryption.
Data Ownership
All data belongs to the customer. You can export your company’s data at any time. Upon request, we will permanently delete all data from Sortly’s servers.
Authentication Methods
Our application uses OAuth2 for login and API authentication. Customers on the Enterprise Plan can set up Single Sign-On (SSO) with either OAuth2 or SAML v2.
Two-Factor Authentication (2FA)
Sortly does not support 2FA internally. However, customers on the Enterprise Plan can enable 2FA via their external identity provider.
Intrusion Detection/Prevention Systems
Sortly does not currently use automated intrusion detection or prevention systems.
Administrative Access
Only authorized employees of Sortly, Inc. have administrative access to the platform.
Ownership & Retrieval Rights
Customers retain full ownership of their content. Sortly will not use or access your data without explicit permission.
Antivirus Protection
Antivirus protection is provided through the AWS EC2 instances that host Sortly.
Privacy Policy
You can view our privacy policy here: Sortly Privacy Policy.
Breach Management
We have internal protocols for immediate communication and a plan for maintaining system integrity in the event of a breach.
Business Continuity Plan
Sortly does not have a formal Business Continuity Plan at this time.
Data Backup
We back up your data daily, and backups are stored for 35 days.
Import/Export Procedures
Sortly provides an in-app import/export feature, and an API is available for data migration.
Third-Party Penetration Testing
We have not yet conducted independent third-party penetration testing.
Malware Protection
Sortly regularly scans all service images and uses a limited AWS VPC. REST endpoints are throttled and monitored for suspicious activity.
Software Updates
We release software updates weekly, with hotfixes applied as necessary. Our stack and libraries are routinely updated for security.
Data Recovery
Daily backups ensure data recovery in case of a disaster. Backup data is stored for 35 days.
Redundancy Measures
Our database is replicated across three instances to ensure data reliability and continuity.
User Roles
Sortly defines three user roles:
- Owner: Full access, including settings and billing.
- Admin: Full access except for user management and billing.
- Team Member: Can be assigned read-only or edit access to specific item groups.
Activity Logging
We log server and client operations for 30 days via DataDog for monitoring and debugging. Company transactions are stored and available through the Activity History report.
Personal Data Archiving
Personal data resides solely in our relational database and in our Elasticsearch instance, which is used for search. Outside those stores, it is included only in backups and does not appear in logs, which use IDs instead of personally identifiable information.
Data Availability
Customers can access and export all their company’s data in CSV, XLS, or PDF formats at any time.
Test and Development Data
We do not use customer data in our test or development environments.
For any technical questions not covered here, feel free to reach out to our Support Team.