According to our status page.
Encryption in transit
All data sent to or from our infrastructure is encrypted in transit using industry-standard Transport Layer Security (TLS 1.2). You can view our SSLLabs report here for termius.com, api.termius.com, and account.termius.com.
Encryption at rest
All of our users' data (including passwords) is encrypted in the database using battle-tested encryption algorithms. In addition, our users' synchronized data is encrypted using end-to-end encryption.
We offer customers the option to delete their data at the end of their subscription. All data is then completely removed from the dashboard and server. Users can request the removal of usage data through the account page or by contacting support.
Read more about our privacy policy at https://termius.com/privacy-policy.
Our systems have 99.99% uptime according to our status page.
We collect and store logs to provide an audit trail of our application activity.
We use technology to monitor exceptions and logs and to detect application anomalies.
We use a security monitoring solution to monitor our application security, detect attacks, and respond quickly to a data breach.
We use security headers to protect our users from attacks. You can check our grade on this security scanner for termius.com, api.termius.com, and account.termius.com.
We use security automation capabilities that automatically detect and respond to threats targeting our apps.
All of our services run in the cloud. We don't host or operate our routers, load balancers, DNS servers, or physical servers. Our service is based on Amazon Web Services. They provide strong security measures to protect our infrastructure and comply with most certifications. You can read more about their practices here.
Our network security architecture consists of multiple security zones. We monitor and protect our network to ensure that unauthorized access does not occur using:
A virtual private cloud (VPC), a bastion host, or VPN with network access control lists (ACLs) and no public IP addresses.
A firewall that monitors and controls inbound and outbound network traffic.
IP address filtering.
We use Distributed Denial of Service (DDoS) mitigation services powered by an industry-leading solution.
We adhere to security best practices and frameworks (OWASP Top 10, SANS Top 25). We use the following best practices to ensure the highest level of protection in our software:
Developers participate in regular security training to learn about common vulnerabilities and threats.
We review our code for security vulnerabilities.
We regularly update our dependencies and make sure none of them has known vulnerabilities.
We use Static Application Security Testing (SAST) to detect basic security vulnerabilities in our codebase.
We rely on yearly third-party security experts to perform penetration tests of our applications.
