Security Policy

Last Updated: 2019-9-03

Tiled understands that the confidentiality, integrity and availability of our customers’ information are vital to their business operations and our own success. We use a multi-layered approach to protect that key information, constantly monitoring and improving our application, systems and processes to meet the growing demands and challenges of security.

 

SYSTEM ARCHITECTURE

Network uptime
We quantify our reliability by offering a 99.5% uptime guarantee to enterprise customers. This guarantee ensures the constant deployment of our services, 24 hours a day, 7 days a week, 365 days a year. While Tiled strives to keep our systems up at all times, we also make upgrades or improvements from time to time. Any downtime will be communicated to customers beforehand with sufficient notice.
Secure data centers
Amazon Web Services (AWS) and DigitalOcean (DO) power the server requirements for thousands of high-profile companies and government entities. We have partnered with both to provide our web and data services because of their stringent security measures, which include compliance with the following certifications and third-party attestations:
• SAS70 Type II audits
• Level 1 service provider under the Payment Card Industry (PCI) Data Security Standard (DSS)
• ISO 27001 certification
• U.S. General Services Administration FISMA-Moderate level operation authorization
To learn more about the security procedures employed by AWS and DO, please review their documentation.
Encryption
Because Tiled stores your valuable data and, in some cases, Personally Identifiable Information (PII) (e.g. name and email), Tiled endeavors to encrypt data wherever possible. As such, we abide by two sets of encryption principles: encryption in transit (HTTPS) and encryption at rest. For the former, we aim for all data passing over the wire to be encrypted using standard HTTPS connections. For the latter, we rely on MongoDB Atlas to provide data storage, encryption and security. You can find more information on how data is secured here.

CONTENT SECURITY

Password authentication
Tiled supports sign-on with a unique username and password. Only salted one-way hashes of passwords are stored by our servers, never the passwords themselves. Individual user identity is authenticated and re-verified with each transaction, using a unique token created at login.
Permission controls
We follow security best practices by using least privilege access principles to protect your data. A role-based permissions system is available to Tiled user administrators.
Administrators may:
• Seize control of a user account if that user’s employment has ended
• Set permissions for each user, including view-only, edit, and document ownership
Data ownership
Tiled claims no ownership over any documents created through our services. Users retain copyright and any other rights, including all intellectual property rights, on created documents and included content. We respect your privacy and will never make your documents publicly available without permission.
Continuous monitoring
Tiled performs regular internal security design reviews. Our live systems are continuously monitored and supported; any issue will be reported and fixed as soon as possible.