Security Policy

 

Last Updated July 2, 2024

Application of this Security Statement

Thank you for visiting Aspyr Digital’s (“AD”) Website (the “Website”). This Security Statement describes AD’s policy and practices in relation to Security.

The Security and Privacy teams at Aspyr Digital set policies and controls, oversee adherence to those controls and validate the company’s security and compliance to external auditors.

Our policies are based on the following foundational principles:

1.    Access should be restricted to only individuals with a genuine business requirement, and permissions should be granted based on the principle of providing the minimum level of access necessary.

2.    Security controls should be implemented and structured in multiple layers, following the principle of defense-in-depth.

3.    Security controls should be implemented uniformly across all parts of the organization.

 

4.    The implementation of security controls should be an iterative process, continuously evolving to improve effectiveness, increase auditability, and reduce friction.

 

Data Protection

Data at Rest

All data stores containing customer data, including S3 buckets, are encrypted at rest. Sensitive data collections and tables also utilize row-level encryption. This ensures that the data is encrypted before it reaches the database so that neither physical access nor logical access to the database is sufficient to read the most sensitive information.

Data in Transit

Aspyr Digital’s platforms use TLS 1.2 or a higher version for all data transmissions over potentially insecure networks. The management of server TLS keys and certificates is handled by AWS, and they are deployed through Application Load Balancers.

Secret Management

Encryption keys are managed using the Amazon Web Services (“AWS”) Key Management System (“KMS”). KMS stores the key material in Hardware Security Modules (“HSM”), which prevents direct access by any individuals, including employees of Amazon and Aspyr Digital. The keys stored in the HSMs are used for encryption and decryption through the Amazon KMS Application Programming Interface (“API”).

Additionally, application secrets are encrypted and stored securely using AWS Secrets Manager and Parameter Store, and access to these values is strictly limited.

 

Security Officer

All comments, questions or concerns regarding AD’s security should be forwarded to our Security Officer as follows:

Aspyr Digital

Address: 435 King Street North, Waterloo, Ontario N2J 2Z5

Attention: Security Officer

E-mail: security@aspyrdigital.com