Security Statement for Aurinko API

Last Updated: Nov 1, 2023

At Yoxel, Inc., the Aurinko API product underscores our steadfast dedication to security in the ever-changing digital landscape. Although we haven’t sought ISO 27001 or SOC 2 certifications, our security practices align closely with the rigorous standards and principles of these globally recognized benchmarks.

Hosted on Heroku

Our partnership with Heroku as our hosting provider is instrumental in ensuring the utmost protection for your invaluable data and systems. Heroku assumes responsibility for multiple layers of security, encompassing infrastructure, network, data, system integrity, vulnerability management, data backups, and disaster recovery measures. This strategic collaboration empowers Yoxel to focus our efforts on enhancing the security of the Aurinko API at the application level, emphasizing the robust security of our API and developer portal.

To gain deeper insights into Heroku’s security measures, we invite you to explore Heroku’s Security Page

Key Tenets of Aurinko API’s Security Framework

  1. Proactive Risk Management: At Yoxel, we meticulously manage risks, promptly identifying, assessing, and mitigating vulnerabilities. This process ensures the implementation of protective measures that are continuously scrutinized to safeguard your data.

  2. Data Fortification: Within the Aurinko API infrastructure, data is considered a paramount asset. Therefore, all customer data is subject to robust encryption measures during active transmission, ensuring its confidentiality.

    • Heroku’s managed database service, Heroku Postgres, provides encryption at rest, ensuring that data stored in the database is protected even when it’s not actively in use.
    • Heroku incorporates continuous data protection, which means our data is regularly backed up and can be restored to a specific point in time, reducing the risk of data loss in case of unexpected events or errors.

  3. Mandatory VPN Connections: To bolster data communication security, we mandate VPN connections within our operations. These connections are fortified with advanced security features, ensuring the inaccessibility of data during transit.

  4. Device Encryption: Laptops used within our operations are encrypted, providing an additional layer of protection against unauthorized data access and potential physical breaches.

  5. Access Control: Our comprehensive access control system ensures that only vetted and authorized individuals gain access to critical data and systems. Role-based access, combined with multifactor authentication, ensures data access on a need-to-know basis.

    • Heroku encourages strong password policies and the secure management of access credentials. This includes multifactor authentication (MFA) and robust password management practices, reducing the risk of unauthorized access to your applications and sensitive data.
    • Heroku facilitates the secure rotation of credentials, ensuring that sensitive access keys, tokens, and passwords are regularly updated. This proactive approach mitigates the potential impact of security breaches and unauthorized access.

  6. Robust Cloud Backups: All instances within the Aurinko API’s cloud system are regularly backed up.

    • Heroku provides robust mechanisms for customer application backups, allowing you to safeguard our application data.
    • Heroku incorporates continuous data protection for its Postgres databases, which means our data is regularly backed up and can be restored to a specific point in time, reducing the risk of data loss in case of unexpected events or errors.

  7. Penetration Testing and Vulnerability Assessments: Third party security testing of the Aurinko API product is performed by independent and reputable security consulting firms. Findings from each assessment are reviewed with the assessors, risk ranked, and assigned to the responsible team.

  8. Continuous Enhancement: In a constantly evolving digital landscape, Aurinko API remains committed to refining and enhancing its security measures. This ensures that our practices stay in lockstep with the latest industry advancements and challenges.

Aurinko API’s Commitment to Cybersecurity

In the fast-paced world of digital security, Aurinko API, developed by Yoxel, Inc., remains resolute in its mission to safeguard client data and uphold the integrity of its cloud ecosystem. We acknowledge the vital role of cybersecurity in today’s landscape and continuously invest in enhancing our security protocols. Our approach is not only rooted in our core commitment but is also shaped and fine-tuned through insights from industry-leading security standards.