Security & Trust Center

Your data security is our top priority. Learn how we protect your information.

AES-256 Encryption · GDPR Compliant · 99.9% Uptime SLA

Data Encryption (Implemented)

All data is encrypted at rest with AES-256 and in transit with TLS 1.3

Secure Infrastructure (Implemented)

Hosted on AWS, a SOC 2 Type II certified cloud provider

Privacy by Design (Implemented)

Built with privacy-first principles; GDPR and CCPA compliant

Access Controls (Implemented)

Role-based access control (RBAC) and optional two-factor authentication

Incident Response (Implemented)

24/7 monitoring with a 72-hour breach notification commitment

Regular Backups (Implemented)

Automated encrypted backups with 30-day retention

Our Security Practices

Data Encryption

We use industry-standard encryption to protect your data at every stage:

  • At Rest: AES-256 encryption for all data stored in our databases (DynamoDB) and file storage (S3)
  • In Transit: TLS 1.3 encryption for all data transmitted between your device and our servers
  • Backups: All backup data is encrypted before storage

Infrastructure Security

WideAngle is hosted on Amazon Web Services (AWS), a SOC 2 Type II certified cloud provider:

  • Data Location: US East (N. Virginia) region with geographic redundancy
  • Serverless Architecture: Lambda functions with automatic scaling and isolation
  • DDoS Protection: AWS Shield and CloudFront for traffic filtering
  • Network Security: Private networks, security groups, and least-privilege access

Access Controls

We implement strict access controls to prevent unauthorized access:

  • Two-Factor Authentication (2FA): Optional 2FA for all user accounts
  • Role-Based Access: Granular permissions based on user roles and responsibilities
  • Password Requirements: Minimum 12 characters with complexity requirements
  • Session Management: Automatic timeout after 24 hours of inactivity
  • Audit Logging: All administrative actions are logged and monitored

API Security

Our APIs are designed with security best practices:

  • Rate Limiting: Protection against abuse, capped at 100 requests per minute per user
  • Input Validation: All inputs validated and sanitized to prevent injection attacks
  • Authentication: JWT access tokens with short expiration times (15 minutes), which limits how long a leaked token remains usable
  • CORS Protection: Cross-origin requests are accepted only from authorized origins
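The token-expiry and rate-limit checks described above, as an added example that is not WideAngle's code: it mints and verifies an HS256 JWT with a 15-minute lifetime and enforces a 100-requests-per-minute sliding window per user. The 30-second clock-skew allowance, the secret key, the user IDs and timestamps, and the gateway function `handle_request` are all assumptions constructed for the example.

```python
"""Illustrative JWT-expiry and per-user rate-limit checks (added example,
not WideAngle code). Assumes HS256 tokens with a 15-minute lifetime and a
100-requests-per-minute limit, as the trust center states; the secret key,
user IDs, timestamps and clock-skew allowance are constructed for the demo.
"""
import base64
import hashlib
import hmac
import json
import time
from collections import defaultdict, deque
from typing import Optional, Tuple

TOKEN_TTL = 15 * 60   # seconds: "short expiration times (15 minutes)"
CLOCK_SKEW = 30       # assumed leeway for clock drift between services
RATE_LIMIT = 100      # requests per window: "100 requests/minute per user"
RATE_WINDOW = 60      # seconds


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(secret: bytes, sub: str, now: Optional[int] = None) -> str:
    """Mint an HS256 JWT whose exp is TOKEN_TTL seconds after issue."""
    now = int(time.time()) if now is None else now
    header = {"alg": "HS256", "typ": "JWT"}
    payload = {"sub": sub, "iat": now, "exp": now + TOKEN_TTL}
    signing_input = (_b64url(json.dumps(header, separators=(",", ":")).encode())
                     + "." + _b64url(json.dumps(payload, separators=(",", ":")).encode()))
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_token(secret: bytes, token: str, now: Optional[int] = None) -> dict:
    """Return the claims if alg, signature and exp all check out, else raise ValueError.

    The header is never allowed to choose the algorithm (only HS256 is
    accepted, so "alg":"none" is rejected) and the MAC is compared in
    constant time before any claim is trusted.
    """
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    h_b64, p_b64, s_b64 = parts
    header = json.loads(_b64url_decode(h_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unsupported alg")
    expected = hmac.new(secret, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(s_b64)):
        raise ValueError("bad signature")
    payload = json.loads(_b64url_decode(p_b64))
    exp = payload.get("exp")
    if not isinstance(exp, int) or now > exp + CLOCK_SKEW:
        raise ValueError("token expired")
    if exp - payload.get("iat", exp) > TOKEN_TTL:   # lifetime longer than policy allows
        raise ValueError("lifetime exceeds policy")
    return payload


class SlidingWindowLimiter:
    """Allow at most RATE_LIMIT requests per user in any RATE_WINDOW-second span."""

    def __init__(self) -> None:
        self._hits = defaultdict(deque)

    def allow(self, user: str, now: Optional[float] = None) -> bool:
        now = time.time() if now is None else now
        q = self._hits[user]
        while q and q[0] <= now - RATE_WINDOW:   # drop hits that left the window
            q.popleft()
        if len(q) >= RATE_LIMIT:
            return False
        q.append(now)
        return True


def handle_request(secret: bytes, limiter: SlidingWindowLimiter,
                   token: str, now: int) -> Tuple[int, str]:
    """Gateway decision: 401 for a bad or expired token, 429 over the limit, else 200."""
    try:
        claims = verify_token(secret, token, now)
    except ValueError as err:
        return 401, str(err)
    if not limiter.allow(claims["sub"], now):
        return 429, "rate limit exceeded"
    return 200, claims["sub"]


if __name__ == "__main__":
    key = b"constructed-demo-secret"
    t0 = 1_700_000_000
    tok = issue_token(key, "user-42", t0)
    print(handle_request(key, SlidingWindowLimiter(), tok, t0 + 60))
    print(handle_request(key, SlidingWindowLimiter(), tok, t0 + TOKEN_TTL + CLOCK_SKEW + 1))
```

Verification happens before rate limiting so that the limit is keyed on an authenticated `sub` rather than on an attacker-chosen value; the skew allowance only extends acceptance by 30 seconds past `exp`, and any token whose claims assert a lifetime longer than 15 minutes is refused even if correctly signed.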

Compliance & Certifications

We adhere to industry standards and regulatory requirements:

  • GDPR Compliant: Full compliance with EU data protection regulations
  • CCPA Compliant: California Consumer Privacy Act compliance
  • Data Processing Agreements: Available for enterprise customers
  • SOC 2 Type I (In Progress): Working toward certification (available upon enterprise customer request)

Incident Response

We have comprehensive procedures for handling security incidents:

  • 24/7 Monitoring: Continuous security monitoring and alerting
  • 72-Hour Notification: Breach notification within 72 hours of becoming aware of a breach, as GDPR Article 33 requires
  • Incident Response Team: Dedicated team for rapid response and containment
  • Post-Incident Review: Thorough analysis and process improvements after incidents

Third-Party Sub-Processors

We work with trusted third-party service providers to deliver our service. All sub-processors are bound by strict data processing agreements:

  Service Provider      Purpose                            Location
  Amazon Web Services   Cloud hosting and infrastructure   United States
  Stripe                Payment processing                 United States
  Amazon SES            Transactional email delivery       United States
  Apple                 Apple Wallet pass delivery         United States
  Google                Google Pay pass delivery           United States

Report a Security Issue

If you discover a security vulnerability, please report it to us immediately.

Security Contacts

We are committed to working with security researchers to verify and address any potential vulnerabilities.