Protecting your data with advanced security features and strict guidelines that meet even the most rigorous enterprise specifications.
Platform Infrastructure
Our core commitment is to the security and integrity of your data. That’s why we chose Amazon Web Services, the world’s leading cloud platform, to host our infrastructure.
AWS Standards
With AWS powering our platform, we uphold the highest global standards in AWS architecture, server operations, and compliance to host your data. Running your business on SLATE means confidence that your data is secured by AWS best practices and the industry’s most advanced cloud security controls. Learn more about AWS security practices here.
Physical Security
SLATE data is hosted in AWS data centers that have been certified as ISO 27001, PCI/DSS Service Provider Level 1, and/or SOC II compliance.
AWS data centers are secured by global AWS Security Operation Centers and advanced physical security measures which you can read more about here.
Network Security
Our network security architecture includes multiple security zones to ensure
constant protection against unauthorized access.
We use Sqreen, a third-party security solution, to monitor and safeguard our infrastructure from automated scanners, bots,
and targeted attacks. Sqreen blocks attacks, alerts us to critical threats, and provides advanced features like IP blocking
and firewalls to monitor and control network traffic.
Dedicated Security Team
SLATE’s dedicated rapid-response security team provides 24/7 proactive monitoring and swift responses to security alerts and events.
Application Security Protection
SLATE integrates advanced protections with Sqreen to safeguard our applications and protect users from data breaches. Sqreen defends against critical attack types like SQL injections and cross-site scripting, adds security headers, and blocks attacks in real time. Its runtime protection system detects and prevents OWASP Top 10 vulnerabilities and business logic attacks, alerting us if attackers start stressing our applications.
Availability and Continuity
System Status Monitoring
We provide a publicly available status page with real-time system status, security event history, and scheduled maintenance updates.
AWS Auto-Scaling and Load Balancing
Our platform leverages AWS features like auto-scaling and elastic load balancing to ensure apps are always optimized for speed, high availability, and redundancy.
System Updates
Our public updates page provides a chronological history of recent updates, including new features, improvements, and bug fixes.
Backup and Restore
All active SLATE apps are backed up daily, encrypted with AES-256 keys, and stored across multiple, separate locations. Backups can be instantly restored by support. Users can also manually export their data to a CSV file at any time.
Redundancy
Data is stored on multiple databases to prevent single points of failure and ensure availability. Information is distributed across various geographic locations and time zones, with daily backups stored separately for additional redundancy.
Disaster Recovery
We enforce strict disaster recovery protocols, including daily encrypted backups, regular testing, and strategic planning to ensure data is available and recoverable in case of disaster.
Data Export
Easily create exportable templates or automate data backups to seamlessly export your data from the platform.
Encryption
Encryption in Transit
All data sent to and from our infrastructure is encrypted in transit using industry-standard Transport Layer Security (TLS).
Encryption at Rest
All user data, including passwords, is encrypted at rest using robust encryption algorithms within the database.
Gov.-Grade Encryption
We use SHA-256 and AES-256 encryption—the strongest encryption standards utilized by governments, banks, and federal agencies worldwide.
Product Security Features
IP Whitelisting
Enable IP address whitelisting in your app settings to ensure your apps are accessible only from authorized networks.
Page time-out settings
SLATE customers can set custom time-out durations to ensure that unattended devices require re-login after a specified period for continued access.
Granular Page Controls
Assign roles to each user and define data access permissions for each role. Limit access to specific pages and sections within your app to only those users you deem relevant and authorized.
We recommend following a least-privilege approach, enabling only the necessary pages rather than blocking restricted ones. For more information on optimizing user roles and permissions, contact [email protected]
Login Logs
Track all successful and failed login attempts to your application.
Block Failed Login Attempts
Enable custom settings to block an IP or user after a specified number of login attempts within a set time frame.
Record-level Security
Establish connections between users and records to ensure logged-in users can access only the records associated with them.
Two-Factor Authentication (2FA)
Require two-factor authentication for users to log in to your app.
Singe Sign On (SSO)
Use Single Sign-On (SSO) to require users to log in through a specified provider, such as Google.
Password Protection
Set custom password policies for each user and application to ensure passwords meet the specific requirements you determine for each app and user.
Whitelisted Email Domains
Enable domain whitelisting to allow sign-ups only from approved domains.
Password Encryption
All user passwords are securely encrypted and hashed.
Email Logs
Track and monitor all emails sent from your app.
API Keys
Secure your app with advanced permissions for API keys, including options to enable or disable access to delete, edit, or retrieve records. You can also activate or deactivate API keys as needed.
Builder Logs
Track and monitor all changes made to your app within the builder.
Delete Logs
View and track all deleted records within your app.
Record Change Logs
View all changes made in your app, along with metadata such as location, IP address, browser, and user details.
Data Encryption
All data is encrypted and secured with SSL..
Policies
Privacy Policy
SLATE provides a publicly available Privacy Policy outlining our corporate practices to keep your data private and secure. Check full Privacy Policy
Employee Policies
As part of our SOC 2 compliance, we follow best practices for employee onboarding and offboarding, including background checks and training to protect customer data. Employees access customer data only with explicit customer permission, per SOC standards and our privacy policy. All employees sign confidentiality agreements to uphold our privacy policies.
Data Ownership
You retain full ownership of any data stored on SLATE; we claim no ownership over your data.
Development Policies
SLATE engineers conduct all development and testing on a separate platform, isolated from live data. Bugs, errors, and vulnerabilities are fully tested in our 'development sandbox' to ensure live data is unaffected. SLATE uses Sqreen to remediate vulnerabilities identified in security tests, audits, or bug bounty programs, and we are alerted to any known vulnerabilities in production dependencies.
Data Access
If you require support, you can grant SLATE's support team access to your account to troubleshoot issues with your applications or account. By default, support access is disabled and can only be enabled by an account admin in your app’s security settings. All support access is logged, time-stamped, and conducted through a secure VPN, monitored by our dedicated security team for alerts or events.
Compliance
AWS Compliance
Amazon undergoes continuous third-party audits and holds compliance certifications from strict programs, including SOC 3 and ISO 27001. Learn more about AWS compliance here.
Privacy Policy
SLATE provides a publicly available Privacy Policy outlining how we keep your data private and secure.
DMCA
SLATE respects intellectual property rights and provides a publicly available Digital Millennium Copyright Act (DMCA) Policy.
GDPR
SLATE is GDPR-compliant, protecting the personal information of EU citizens and giving them control over their data. For more information on our GDPR readiness or to obtain our Data Processing Addendum for paid plans—which extends terms for personal data processing—please contact us at [email protected]
HIPAA
SLATE offers HIPAA compliant editions of our platform which will include field level encryption, password policies, and BAA agreements. Please contact us for more details at [email protected]
Penetration Testing
SLATE conducts annual penetration testing (PenTesting) on all production environments used for data storage and processing.