Updates to Our Privacy Policy

We have updated our Privacy Policy effective March 27th, 2019. Learn More

Neura Security Policy

Updated 07.03.2019

Your Data is Safe with Neura.

Especially today, we understand the importance of protecting and securing user data, and we take proactive steps to keep this a top priority.  At Neura, we have implemented technical and organizational measures to protect information against all unlawful forms of processing — including accidental loss, unlawful destruction, alteration, unauthorized disclosure or access, and more.

Neura prioritizes taking steps to ensure that any acquired personal information is accurate, complete, current and reliable for its intended use.

To demonstrate our deep commitment to security, Neura regularly:

  • Monitors and analyzes infrastructure for suspicious activities and potential threats.
  • Issues periodic security internal review.
  • Dynamically updates the security model and addresses new security threats.
  • Systematically examines the organization’s information security risks, taking into account threats and vulnerabilities.
  • Designs and implements a coherent and comprehensive suite of information security controls and/or other forms of risk treatment (such as risk avoidance or risk transfer) to address the risks deemed unacceptable.
  • Adopts an overarching management process to ensure that information security controls continue to meet the organization’s evolving information security needs.

Neura Encrypts Data in Transit and at Rest

We design our systems to ensure data is protected at all times. Specifically, all mobile-server and server-server communication that includes user’s data is encrypted (SSL), and sensitive data is hashed or encrypted.

Specifically, we’re using TLS v1.2 with strong ciphers to protect data in transit, and AES-256 to encrypt data at rest, so you don’t have to worry about your data’s security at any point of our process.

But it doesn’t stop there. Neura’s cloud-based solution is deployed using Amazon Web Services (AWS), enabling us to guarantee high security through utilizing a series of high tech solutions that are the best in the industry to ensure the safety of all user data on the AWS network.

All encryption keys are stored in a secure server on a segregated network with very limited access.

Neura has implemented appropriate safeguards to protect the creation, storage, retrieval, and destruction of secrets such as encryption keys and service account credentials.

Authorizing Access

At Neura, our server network can only be accessed via SSL VPN with public key authentication, and the services we use are protected with Two Factor Authentication. Moreover, all access to our web portal is secured over HTTPS using SSL 256-bit encryption. Customer data is stored only in the production environment, and data moved to any non-production environment is subject to obfuscation of all PII.

Product Security Practices

Neura not only protects your data with external checks, but also applies best practices internally. This includes: secure coding, code reviews, and testing practices — including unit tests, functional tests, regression tests, performance tests and penetration tests.

This even extends to our internal innovation. When we create new features, functionality, and designs,  they go through a security review process facilitated by our security team. If you had even the slightest doubt at this stage, our code is audited with automated code analysis software, tested, and manually peer-reviewed prior to being deployed to production. The security team works closely with development teams to resolve any additional security concerns that may arise during development. In short: before release, we ensure the highest standards of security review.

Neura uses a hybrid analysis solution, prioritizing some of the analysis to our mobile engine located in the SDK, and off-loading other data for processing to AWS’s infrastructure.

Network Security

Applications in the cloud have firewalls installed to shield them from attack and prevent the loss of valuable customer data. These firewalls are configured to serve as perimeter firewalls to block ports and protocols.

Production databases are accessed only with special authorized and privileged access.

All application access, including direct application access and API access, are protected by a dedicated DDoS mitigation service — ensuring high availability at all times as well as preventing attacks and malicious activities.

Firewalls are configured according to the best industry practices and unnecessary ports are blocked by configuration with AWS Security Groups.

External Security Audits and Penetration Tests

At Neura, we work very closely with industry leaders who perform application and network penetration tests and audits to verify that our security practices are sound, and to monitor Neura’s services for new vulnerabilities. Importantly, we also employ the use of continuous automated code scanning of our platform.

System Monitoring, Logging and Alerting

Neura monitors servers to retain and analyze a comprehensive view of the security state of its production infrastructure. Neura then collects and stores these logs for analysis, which are in turn stored and indexed in a separate environment.

Secure Hosting Environment

Neura uses Amazon’s Virtual Private Cloud and segmented network. All data center facilities managed by Amazon Web Services are SAS 70 Type II certified, SSAE 16 (SOC 2) Compliant and feature proximity security badge access and digital security video surveillance.

Neura stores data in multiple and different types of databases: file systems, relational databases, No-SQL and document databases. The data is distributed over multiple databases and each holds only fragments of the data that can be accessed only by segregation of duties.

AWS implements advanced security countermeasures. If you want to learn more, check out the following links:

https://aws.amazon.com/compliance
https://aws.amazon.com/security

Backup

We consistently backup the data of our customers to ensure business continuity.

Incident Management

In the unlikely event of a security incident, Neura has constructed incident response and notification procedures to answer them effectively. Neura uses monitoring and tracking tools, performs real-time analysis, and has clear procedures in place for communicating incidents to any involved party, as well as for handling escalations.

In the event of a security breach, Neura will promptly notify you of any unauthorized access to your end users. Neura has incident management policies and procedures in place to handle such an event.

Security Awareness and Training

Our security checks extend to our own workers. To ensure that Neura employees are aligned with these security practices and aware of their duties, Neura conducts an annual security awareness session and requires security training for every new employee. Each employee must also pass the test of security awareness and best practices.

Our engineering and operation teams keep their skills up to date regarding security best practices.

ISO/IEC 27001:2013

Neura has achieved International Organization for Standardization (ISO) certification for information security management: ISO/IEC 27001:2013 is the most rigorous global security standard for information security management systems (ISMS).

Contact

Neura’s Security Committee is in charge of setting and enforcing security standards and policies and managing security incidents.

Security Officer – Triinu Magi, CTO

For information about the data we collect and what we use it for, please review our privacy policy.

For any issues or questions please contact us at support@theneura.com!