Show, as a product of Animaker, is committed to offering the highest standards of security to its customers. Protecting customer data is our utmost priority, and we maintain world-class security standards to do so. Show has employed stringent organizational and technical measures to protect customer data from unauthorized access, usage and misuse.
ISO 27001:2013 Certification
EU-US Privacy Shield
General Data Protection Regulation (GDPR)
California Consumer Privacy Act (CCPA)
Show works with independent third-party firms to conform to security practices that consistently meet industry best standards. We are an ISO 27001:2013 certified company. Show is willing to share the ISO certification upon reasonable request by clients.
Show uses the payment processing platform Braintree. For more information on Braintree’s security practices, please see https://www.braintreepayments.com/features/data-security
Show makes sure its processes and procedures are compliant with the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). For more details, please see our Privacy Policy.
Show follows a structured code development and release process. As part of this process, all code is peer reviewed. Show makes purpose-built code analysis tools available for engineers to deploy against application code. Show also performs continuous post-production tests based on real-time threats. Show conducts rigorous internal continuous testing of its application surface through various types of penetration test exercises. In addition, Show coordinates external 3rd party penetration testing using qualified and certified penetration testers.
The Show backend is regularly scanned with industry-standard scanning tools to monitor for and detect vulnerabilities. In addition, once a year, we perform a thorough and detailed penetration test using third-party penetration testing companies.
All members of our team go through security awareness training on a regular basis.
Data in transit and at rest is encrypted. We use AWS KMS (Key Management Service) for all our keys. The data connection to our application is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM). We use an SSL certificate signed by GoDaddy. All symmetric key encryption commands used within the HSA use the Advanced Encryption Standard (AES) in Galois Counter Mode (GCM) with 256-bit keys. The analogous calls to decrypt use the inverse function. Amazon EC2 EBS volumes are encrypted using AES-256-XTS. This requires two 256-bit volume keys, which is like a 512-bit volume key. The volume key is encrypted under a Customer Master Key and stored along with the volume metadata.
Show has a formal and documented security awareness training program that takes place during the onboarding process, with further training once every six months.
Show has a documented and formal incident response plan. Show performs annual testing of its emergency response processes. Our employees are trained in how to communicate incidents internally, and our customers are kept informed by e-mail of incidents that affect their service. Show has a well-defined and rigorous incident management process for security events. If an incident involves customer data, Show will inform the customer and support investigative efforts via our support team within 72 hours. After a security event is fixed, we record a detailed root-cause analysis. This is then assimilated by Show such that we can detect any such actions in the future. Show can support properly formed requests for specific tenant data when requested by law enforcement. Individual customers are notified should an incident impact their data.
Show has an established automation process that enables us to seamlessly deploy changes to the Show application and platform. This enables us to address security issues as soon as possible.
Show operates on Amazon Web Services (“AWS”); all our scoped data and systems are hosted on AWS. The AWS infrastructure and its network security are therefore taken care of by AWS, as detailed in the AWS SOC2 report. In addition, Show's cloud security team periodically monitors and reviews the scoped environment's network configuration and security.
Show services and data are hosted on Amazon Web Services (AWS) (us-west-2 and us-east-1). Show customer data is stored in multi-tenant datastores. We exercise stringent privacy controls to make sure that one customer's data is kept separate from other customers' data. Show has integration tests in place to check our privacy controls. These tests are run every time our codebase is updated, and even a single failing test will prevent new code from being shipped to production. Each Show system used to process customer data is adequately configured and patched using commercially reasonable methods according to industry-recognized system-hardening standards and security practice.
Show data is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS/SSL only and score an "A+" rating on SSL Labs' tests. Show uses strong cipher suites and has features such as HSTS and Perfect Forward Secrecy fully enabled. Show also encrypts data at rest using an industry-standard AES-256 encryption algorithm.
Show believes in the Zero Trust network security model, based on a strict identity verification process. The framework dictates that only authenticated and authorized users and devices can access applications and data. At the same time, it protects those applications and users from advanced threats on the internet. Show has a Zero Trust security model in place. Being on the Show network grants no additional privileges or access to corporate resources. Show has established two-factor authentication (2FA) and strong password policies on GitHub, Google, AWS, and Intercom to ensure access to cloud services is protected.
Show enables permission levels to be set for any employee with access to Show Scoped Systems. Permissions and access can be set to include app settings, billing, and user data.
Show makes sure that every action on the Show network is logged and audited. Production control activities are logged as well.