Security at outbound

Data Security

• Encryption at Rest and in Transit: All data is protected using advanced encryption technologies. Communications are secured with TLS 1.2+, and stored data is encrypted to safeguard against unauthorized access.
• Payment Security: We utilize Stripe, a PCI DSS Level 1 certified provider, to handle all payment transactions securely, ensuring sensitive payment details remain encrypted and protected.
• DigitalOcean Security: Our platform benefits from DigitalOcean, providing Firewall, anti-DDoS protection, and enhanced performance to keep your data secure.

Application Security

• Frequent Updates: We implement regular patches and updates to address emerging vulnerabilities, ensuring our platform stays secure.
• Rigorous Testing: Each software release undergoes thorough testing, including automated scans and manual reviews, to detect and address security issues proactively.
• Access Control: Role-based access control ensures that only authorized personnel can access sensitive data, minimizing risks of misuse.

Infrastructure Security

• Physical Security: Secure data centers with access controls (biometrics, proximity cards). 24/7/365 monitoring for physical security breaches.
• Networking:
  • Update the baseline configuration for network devices at least annually or when a significant change occurs.
  • Use the least privilege method when provisioning infrastructure components.
  • Use industry standard transport protocols such as TLS between devices and DigitalOcean data centers, and within data centers themselves.
  • Employ a defense in-depth strategy for boundary protection.
  • Define, implement and evaluate processes, procedures, and defense-in-depth techniques for protection, detection, and timely response to network-based attacks.
  • Establish procedures to synchronize servers and network devices in the DigitalOcean environment with NTP Pool Project servers that sync off of the Global Positioning System (GPS) satellites.
• Servers:
  • Biometric, proximity card, and/or personal identification number (PIN) reader systems used to restrict data center access.
  • Maintain monitoring mechanisms over infrastructure to check server performance, data, traffic, and load capacity.
  • Detect and route issues experienced by hosts in real time and employ orchestration tooling that has the ability to regenerate hosts.
  • Third parties provide a certificate of destruction upon destruction of physical production assets maintained in the collocated data centers.
  • Documented logical access policies and procedures.

Privacy and Compliance

We design our data handling protocols with respect to Singapore’s PDPA, aiming to process your data responsibly and transparently. Our policies prioritize user control, allowing you to request data erasure or access as needed.

Built-In Product Security

• Role-Based Permissions: Custom permissions ensure users access only what they need, enhancing security and minimizing risk.
• Secure Login Options: We offer advanced login features, including Single Sign-On (SSO) and multi-factor authentication, for a seamless and secure user experience.
• Audit Logs: Detailed activity logs provide visibility into system events, allowing swift detection and resolution of any issues.

Continuous Monitoring

• Proactive Monitoring: Our systems are equipped to monitor for unusual activity in real time, with alerts to address potential threats promptly.
• Incident Response: A robust response plan ensures quick containment, investigation, and resolution of any security incidents, minimizing impact on your data.

Partnerships

At outbound, we partner with trusted providers like Auth0, DigitalOcean, DreamHost, and Stripe, incorporating their security best practices into our operations. These measures, combined with our commitment to respecting privacy laws and adhering to stringent security protocols, ensure your sensitive information is handled with care and integrity.