All employees are required to agree and adhere to an industry-standard confidentiality agreement prior to their first day of work.
We use Heroku, which runs on Amazon Web Services, to host all back-end servers and databases. For more information on Heroku’s security processes, please visit Heroku Security. For more information on AWS’s security processes, please visit AWS Security.
Tether keeps your data encrypted and secure. All databases are encrypted at rest, and Tether applications encrypt in transit with TLS/SSL only for all connections.
We use our data hosting provider’s backup services to reduce any risk of data loss in the event of a hardware failure. We utilize monitoring services to alert the team in the event of any failures affecting users.
We have processes in place for handling information security events, including escalation procedures, rapid mitigation, and communication.
Access to cloud infrastructure and other sensitive tools is limited to authorized employees who require it for their role. Where available, we implement 2-factor authentication (2FA), and strong password policies to ensure that access to cloud services is protected.
We follow the principle of least privilege with respect to identity and access management.
Quarterly access reviews are performed on all employees with access to sensitive systems.
Our entire team is required to adhere to a minimum set of password requirements and complexity for access.
All company-issued laptops are encrypted and utilize a password manager for team members to manage passwords and maintain password complexity.
Tether collects the minimum amount of information necessary to provide a streamlined and personalized experience. Additionally Users can request information deletion at any time in compliance with CCPA and GDPR regulations.
Within the Tether database, the following data is collected for Users:
Within the Tether database, the following data is collected for Organizations:
System logs may retain traces of User and Organization activity for up to thirty days in order to support security and maintenance efforts, after which point they are deleted.