All information sent to and from Mace Innovations is encrypted with 2048-bit SSL encryption (TLS 1.2), the same security used by banks and e-commerce sites to protect their services. This means that all communication between your computers and our servers is encrypted and that your session is protected. You can verify this by checking the lock icon in your browser. All data is encrypted in transit, and all access to our service is governed by strict password security policies. In addition, all passwords are AES-256 encrypted and are not readable. Furthermore, all data is encrypted at rest using the industry-standard AES-256 algorithm, including any and all attachments. Full specifications and implementation are available upon request.
TRUST & TRANSPARENCY
We believe in being completely transparent about everything we do, including our data security, service protection, and availability metrics. Below is a description of our security protocols and certifications. We also provide real-time status updates on our services, reporting on outages within the last 90 days, past incidents, and uptime percentages.
Our servers are hosted with Amazon Web Services (AWS) in the USA, a secured, durable technology platform with industry-recognized certifications and audits including PCI DSS Level 1, ISO 27001, FISMA Moderate, FedRAMP, HIPAA, and SOC 1 (formerly referred to as SAS 70 and/or SSAE 16) and SOC 2 audit reports. The data center is protected by highly trained security guards 24/7. Access to the Mace Innovations technology on AWS is restricted to authorized personnel only, and 2FA is required. Our network is protected by extensive network and security monitoring systems (Trend Micro Deep Scan, Cloudflare WAF and Rapid7).
Mace Innovations is committed to protecting customer data in compliance with the Payment Card Industry Data Security Standard (PCI DSS). Our alignment with this standard is reflected in the people, technologies, and processes we employ. We conduct regular vulnerability scans and penetration tests in accordance with the PCI DSS requirements for our business model. We attest to our PCI compliance annually, and our most recent external PCI DSS scans were completed with a passing status as of December 26th, 2018. Available upon request.
In order to prove our commitment to security, we partnered with Aeris Secure to maintain our compliance with PCI DSS and ensure we are held to the highest security standards with all of our technology. Their team has a variety of master’s degrees in Information Security, many industry certifications, and over 25 years of experience in IT security.