Security

Last updated: 29 July 2024

We understand the responsibility we bear in managing customer data, and we are dedicated to ensuring its safety and security. We maintain a comprehensive set of security policies that continually evolve and adapt as we work diligently to safeguard your information. The protection of customer data is of utmost importance to Supercycle, and we prioritise a security-first approach in the design of our software.

Data Centre Security

To uphold our commitment to security, we host our systems on cloud service providers that meet our stringent security standards. Currently, we use Amazon Web Services, whose practices reflect our values and provide robust physical security measures. For further information on their physical security practices, please visit aws.amazon.com/security

Encryption

We employ encryption at rest, in use, and in transit to protect customer data. All our encryption processes adhere to the best practices provided by Amazon Web Services, our trusted encryption provider. This means that all data transmitted between you and our services is encrypted using transport layer security (TLS), and all data stored within Amazon Web Services is encrypted at rest.

Two-Factor Authentication

We require employees to use two-factor authentication (2FA) wherever the services we use as a business support it, and we enforce its use whenever feasible. This ensures that even if a password is compromised, unauthorised access is prevented, as an attacker would also need physical possession of our 2FA device(s).

Role-Based Access

Access to Supercycle systems is granted to employees on a need-to-know basis, limiting the scope of potential compromise and ensuring security is maintained.

Internal Security Training and Policies

Supercycle maintains a comprehensive set of internal security policies that all employees are required to understand and adhere to. These policies cover various aspects, including the use of strong passwords, full-disk encryption of business computers, email policies, limitations on data use and storage, and more.

Security-Minded Software Development Practices

We adhere to the principle of "security by design" in our software development practices, integrating security considerations throughout the entire software development life cycle. This includes implementing secure coding standards to prevent common vulnerabilities, conducting code reviews before deployment to production, and employing automated testing to identify potential security weaknesses. Our staff undergo regular training to ensure they remain up to date with the latest practices recommended by the Open Web Application Security Project (OWASP).

Up-to-Date Software

To mitigate known vulnerabilities, Supercycle ensures the use of up-to-date versions of operating systems, kernels, packages, and libraries. We prioritise automation as much as possible, using our CI/CD platform, GitHub, to streamline the process of keeping our software stack current and secure in our production environment.

Backups

For all systems containing customer data, we have implemented automated daily backups. Additionally, we enable point-in-time recovery wherever possible. We rely on our trusted cloud provider to handle backup operations, ensuring that backups are encrypted and stored in three separate data centres.

Review and Update

Regular review and testing are essential for the effectiveness of any policy. We conduct thorough policy reviews and testing twice a year. This enables us to identify areas for improvement and promptly implement necessary actions to enhance our security and policies.

Supercycle remains committed to the highest standards of data security, continuously improving our practices to safeguard customer information.