Security and Privacy at c/side

c/side is a security company built by engineers with deep security expertise. Security and privacy run in our veins. Our unique approach to securing third-party scripts, combining cutting-edge technology with AI expertise, sets us apart in protecting B2B SaaS, ecommerce, and websites that use third-party scripts.

Governance

At c/side, we prioritize the security and privacy of our users. We are committed to protecting your personal information and ensuring a safe environment for all our services.

Each c/side employee is tasked with maintaining compliance with applicable frameworks. We hold each other accountable and use tools to continuously monitor and audit our actions and systems.

Our policies are based on the following foundational principles:

01. Least Privilege Access

Access is limited to those with a legitimate business need and granted based on the principle of least privilege for the minimum time required.

02. Defense-in-Depth

Security controls are implemented and layered according to the principle of defense-in-depth.

03. Consistency

Security controls are applied consistently across all areas of the enterprise.

04. Continuous Improvement

The implementation of controls is iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.

Compliance and Certifications

c/side is currently undergoing audits for:

Certificates will be available on our Trust Center from Q1 2024.

Data Protection

Data at Rest

All datastores containing customer data, including S3 buckets, are encrypted at rest. Sensitive collections and tables also use row-level encryption. This means the data is encrypted even before it hits the database, ensuring that neither physical access nor logical access to the database is sufficient to read the most sensitive information.

Data in Transit

c/side uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. We also implement features such as HSTS (HTTP Strict Transport Security) to maximize the security of our data in transit. Server TLS keys and certificates are managed by AWS and deployed via Application Load Balancers.

Secret Management

Encryption keys are managed via AWS Key Management Service (KMS). KMS stores key material in Hardware Security Modules (HSMs), preventing direct access by any individuals, including employees of Amazon and c/side. The keys stored in HSMs are used for encryption and decryption via Amazon's KMS APIs. Application secrets are encrypted and stored securely via AWS Secrets Manager and Parameter Store, with strictly limited access to these values.

Our Unique Approach: Script Proxying

At c/side, we employ a unique script proxying method that gives us 100% visibility into what users are receiving. This approach provides us with the best opportunity to detect and prevent targeted attacks, ensuring a safer online environment for your business and customers.

Continuous Monitoring and Analysis

Our team of security experts employs state-of-the-art monitoring and analysis techniques to keep your digital assets secure. We're always on alert, ready to respond to any potential threats or anomalies.

Incident Response

Our incident response team is available 24/7 to address any security concerns. We have a comprehensive incident response plan in place to ensure quick and effective action in the event of a security incident.

Contact Us

For any security-related questions or to report a potential security issue, please contact our security team at [email protected].

At c/side, your security is our top priority. We are committed to continuously improving our security measures and staying ahead of emerging threats to provide you with the most secure environment possible for your online operations.