Data security is important to us

We understand that data security is important to our customers. Read on for more information about our data protection program.

Report a Vulnerability

If you believe you have found a vulnerability in our services platform, please get in touch at security@safetyio.com

We’re ISO/IEC 27001:2013 Certified

Safety io’s Information Security Management System (ISMS) is certified by an accredited third-party vendor to be compliant with the ISO/IEC 27001:2013 standard.

Data Storage

Safety io services and infrastructure are hosted in data centers managed by Amazon Web Services (AWS) in the USA. AWS is recognized as one of the most secure infrastructures in the world.

For more information on AWS hosting and physical security policies, visit https://aws.amazon.com/compliance/data-center/controls/

Access Controls and Authentication

In keeping with security best practices, Safety io employs industry-standard password policies. In order to upload or access data, we require verified user authentication.

SAML (Security Assertion Markup Language) authentication is available for all customers. However, if needed, we can create local accounts.

Data Access and Usage

Safety io provides an advanced set of access, encryption, and logging features to help customers access and control their data more effectively.

Access to customer systems and data within our production network is restricted only to authorized operations engineers within Safety io.

We do not access or use customer content for any purpose without customer consent.

Backups and Recovery

At Safety io, we back up customer data every 12 hours and run a backup restoration test daily.

Backups are encrypted and available to customers upon request.

Encryption in Transit

Every communication with Safety io is encrypted using industry best-practice HTTPS and Transport Layer Security over public networks. Encryption during transit helps ensure that information cannot be read or manipulated by unauthorized third parties.

Encryption at Rest

Data at rest is stored in encrypted format using AES-256-bit encryption. Safety io leverages AWS Key Management Service (KMS) to administer and maintain encryption keys.

Secure Software Development

Safety io takes a very secure approach toward software development and runs fully isolated environments for testing, staging, and production. No production data is ever used for testing purposes.

Our People

  • All Safety io employees undergo regular security and privacy trainings, which cover Safety io’s security policies, security best practices, and privacy principles.
  • Engineering team members are trained on secure development practices, including avoidance of the OWASP Top Ten web application vulnerabilities.
  • Background checks are conducted for all new hires, which include identity verification and professional reference checks.
  • Our standard employment contract requires employees to sign a confidentiality clause.
  • All laptops issued to Safety io employees are monitored in real time with centrally managed endpoint protection.

Our Organization

As part of our information security program, Safety io maintains multiple internal policies and procedures that align with the ISO/IEC 27001:2013 certification standard.

Safety io also has a dedicated security team that performs phishing awareness campaigns and internal vulnerability scans, as well as coordinates third-party penetration tests and audits.

Incident Response

Safety io maintains an incident response plan, which details roles, responsibilities, and procedures in case of an actual or suspected security incident.

  • Security incidents submitted to security@safetyio.com or via customer support will be resolved in accordance with our established policy.
  • Safety io will promptly notify affected customers and, as required, legal and regulatory authorities in the event of a breach involving exposure of customer data.

Annual Penetration Tests

Safety io undergoes annual penetration tests on its applications, infrastructure, and APIs, all of which are conducted by a qualified third party. Any vulnerability found is immediately corrected based on our specifications within an internal service level agreement (SLA). At a minimum, internal vulnerability scans are performed quarterly.

Data Privacy Policy

Safety io has a public privacy policy, which details the types of personal information collected, how this information is handled, and customers' privacy rights. Further details can be found in the Safety io legal terms and statement.

MSA takes cybersecurity seriously, but no platform is perfect, including operating error-free or free of harmful code. MSA’s liability is limited per our Terms of Use and SaaS Agreement.

For more information, please contact us.