SECURITY
TrueLoyal takes security seriously. We follow widely accepted industry standards and have worked with several Fortune 500 clients to provide assurances of secure practices.
TRUSTED INFRASTRUCTURE
TrueLoyal’s services are hosted on world-class Amazon AWS infrastructure.
Safe Storage
TrueLoyal utilizes a modern cryptographic hashing algorithm (PBKDF2-SHA256) in combination with password-specific salts and a secret pepper to make stored passwords virtually impossible to recover in the case of a data breach. Users must authenticate via secure TLS connections for TrueLoyal while being displayed and while being configured or edited. Accounts are locked out after 10 unsuccessful attempts.
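The storage scheme and lockout rule described above can be sketched as follows. This is an added example, not TrueLoyal's code: applying the pepper as an HMAC key, the iteration count, the 16-byte salt and the in-memory `Account` record are all assumptions, since the page gives none of these details.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

MAX_FAILURES = 10      # lockout threshold stated on the page
ITERATIONS = 600_000   # assumed work factor; the page does not give one


def derive(password: str, salt: bytes, pepper: bytes, iterations: int) -> bytes:
    # The pepper is mixed in as an HMAC key (an assumed construction). It is
    # stored outside the database, so a dump of salts and digests alone is
    # not enough to start an offline guessing attack.
    peppered = hmac.new(pepper, password.encode("utf-8"), hashlib.sha256).digest()
    return hashlib.pbkdf2_hmac("sha256", peppered, salt, iterations)


@dataclass
class Account:
    salt: bytes
    digest: bytes
    iterations: int
    failures: int = 0

    @property
    def locked(self) -> bool:
        return self.failures >= MAX_FAILURES


def register(password: str, pepper: bytes, iterations: int = ITERATIONS) -> Account:
    salt = os.urandom(16)  # fresh random salt for every password
    return Account(salt, derive(password, salt, pepper, iterations), iterations)


def login(account: Account, password: str, pepper: bytes) -> bool:
    if account.locked:
        return False  # refuse even the correct password once locked out
    candidate = derive(password, account.salt, pepper, account.iterations)
    if hmac.compare_digest(candidate, account.digest):  # constant-time compare
        account.failures = 0
        return True
    account.failures += 1
    return False
```

Two accounts registered with the same password get different salts and therefore different digests, and a digest cannot be verified without the pepper.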
We use secure TLS connections for TrueLoyal while being displayed and while being configured or edited.
The social network OAuth tokens are always requested with minimum privilege, usually read-only. In particular, Facebook, Twitter, and Instagram tokens are all limited to read-only access of public feed information.
Trusted Infrastructure
TrueLoyal is a cloud service based on the latest technology and we are hosted on Amazon AWS, which has world-class, highly secure data centers. By outsourcing infrastructure such as routers, physical servers, load balancers and DNS servers we can focus on making our application and servers secure. AWS maintains multiple certifications for its data centers, including ISO 27001 compliance, PCI Certification, and SOC reports. For more information about their certification and compliance, please visit the AWS Security website and the AWS Compliance website.
We regularly and automatically scan our infrastructure, networks, and applications for vulnerabilities using multiple scanning techniques. Infrastructure scanners employ an up-to-date database of CVEs and other security advisories and check our infrastructure for vulnerable or unpatched hardware and software, and application scanners check for web vulnerabilities such as XSS and SQL injection.
Organizational Security
TrueLoyal employs industry best practices for organizational security. We have built our security team around decades of experience in the IT security industry and have worked with several Fortune 500 clients to provide assurances of secure practices.
All employees have full-disk-encrypted laptops, and use two-factor authentication for email and other online accounts wherever possible. The TrueLoyal engineering team also undergoes secure development training and regularly reviews code for application security issues.
Other Notes
Contact and Disclosure
TrueLoyal welcomes and encourages the responsible disclosure of security concerns and vulnerabilities from security researchers and other third parties. Any and all security disclosures and concerns can be sent directly to [email protected].
Public Data
The vast majority of data displayed on TrueLoyal is published on social networks and not considered to be private information. Please contact TrueLoyal security with the specific TrueLoyal if you would like data on specific feeds data classifications.
Policies
For more information on our commitment to providing secure services, please see our Privacy Policy and Terms of Service.
Acknowledgements
TrueLoyal recognizes the effort and skill that goes into finding and disclosing security flaws. We would like to thank the following individuals for their responsible disclosures:
- Konduru Jashwanth
- Omer Iqbal
Payment Processing
TrueLoyal does not store payment information. Payments are securely transmitted to, and processed by, a third-party payment provider (Stripe).