Security Overview

This document is intended for any PrevailHQ customer or potential customer who wants to learn more about how PrevailHQ approaches security. PrevailHQ is SOC 2 Type 2 certified.

PrevailHQ Security Principles

We believe that the best way to achieve security is to build all systems and processes with security in mind and to leverage all modern tools and standards.

Our high-level security principles include:

Infrastructure Security

Render

PrevailHQ uses Render to assist with infrastructure management, scaling, and security. Render is a cloud application platform running within AWS and used by organizations of all sizes to deploy and operate applications throughout the world. Render is designed to protect against threats by applying security controls at every layer from physical to application, by isolating customer applications and data, and by rapidly deploying security updates without customer interaction or service interruption.

Render has security standards published here: https://trust.render.com

The environment is protected with the following and more:

Amazon Web Services

PrevailHQ also leverages Amazon Web Services (AWS) for certain infrastructure, and Render itself runs on AWS infrastructure.

AWS has security standards published here: https://aws.amazon.com/security/ and https://aws.amazon.com/compliance/

Amazon is one of the most trusted hosting providers in the world. Amazon maintains a series of security certifications including:

AWS environments are continuously audited, with certifications from accreditation bodies across the globe. Amazon provides all server management for Render and PrevailHQ. PrevailHQ is hosted in the US-Central Amazon data center.

Application Security

PrevailHQ runs a modern web application and API backend. Our application is designed with security in mind.

Development Practices

We have a robust testing framework in place, which includes both automated and manual testing.

All code is reviewed by at least two engineers before pushing to production, and all deployments are signed off by the CTO.

If code is related to security or deemed to be high risk, at least three engineers must review the code, and additional testing must be completed before deployment.

Automated Code Reviews include:

We review the third-party software we use against recent security updates and promptly update it.

Vulnerability Testing

Database Security

Security Incident Response

PrevailHQ is committed to keeping clients informed of any actual or potential security incidents and to providing support in the unlikely event of any incident.

Disaster Recovery and Business Continuity

PrevailHQ is committed to providing a stable platform and to restoring access to our systems quickly in the unlikely event of any disruption to our infrastructure or our business.