At Neurosnap, we prioritize security above all else. Our clients entrust us with their most sensitive data, including intellectual property critical to their operations and competitiveness. We are deeply committed to honoring that trust by implementing robust security measures with unwavering diligence. Below, we outline our security policies, highlighting our commitment to safeguarding client data. For security reasons, we intentionally omit certain details to prevent adversaries from gaining insights into our defenses. Our goal is to maintain a high level of security without providing a roadmap for malicious entities.
General Security
Neurosnap implements a comprehensive suite of security measures to minimize the risk of data breaches and mitigate their potential impact.
Measures Taken
- Bank-Grade Encryption: Sensitive information, including passwords and authentication credentials, is encrypted using algorithms that meet or exceed banking standards.
- Enforced TLSv1.3 Encryption: All web traffic is encrypted using the latest TLS standard, ensuring protection during data transmission.
- Strict Access Controls: Access to sensitive data is restricted to authorized personnel only. Unique identification and authentication techniques, including multi-factor authentication, are enforced.
- Encrypted Data Backups: Backups are encrypted and tested annually to ensure their effectiveness and security.
- Strong Password Policies: Neurosnap enforces password policies based on industry best practices to ensure account security.
- Advanced Firewalls: Industry-standard firewalls and intrusion prevention systems are deployed to protect network boundaries.
- Proactive Breach Prevention: Neurosnap uses proactive threat hunting, incident response planning, and regular vulnerability and penetration testing to stay ahead of evolving threats.
- Regular Security Audits: Audits, as well as source code reviews, are conducted regularly. Tools added to the platform undergo high-fidelity security evaluations.
- Zero Outsourcing: All software development is done in-house to maintain code quality and reduce exposure to external security risks.
- Disaster Recovery and Business Continuity: Neurosnap maintains a disaster recovery program approved by management, with documented and tested backup procedures.
- Device Security: Laptops and mobile devices storing or accessing sensitive data are encrypted, and physical/environmental controls are in place to protect hardware assets.
- Security Incident Response: Neurosnap has a dedicated incident response team, with formalized plans and notification procedures to investigate and respond to breaches.
- Monitoring and Alerting: Suspicious activity across applications, platforms, and networks is monitored and triggers security alerts. Logs track successful/failed logins and sensitive system changes.
- Email Security Scanning: All email attachments are scanned for threats, such as viruses and malicious code.
Jurisdiction & Data Processing
Neurosnap processes data primarily in the United States, with some processing in Canada and the EU. Only a small percentage of data is handled outside the U.S., and clients may request region-specific processing by contacting our support team. All data is encrypted in transit and at rest wherever reasonably possible.
Third-party processors are listed in our Terms of Service and Privacy Policy. All third parties are thoroughly vetted, and exposure of information is limited strictly to a need-to-know basis.
Employee & Device Security
- All personnel with access to sensitive or client data receive comprehensive training on information security protocols and responsibilities.
- Employees and contractors must review and acknowledge applicable security and compliance policies annually.
- Access to production environments is restricted; developers do not have direct access.
- Authentication credentials and key material are encrypted and protected by a robust Key Management System (KMS).
Risk Management
Neurosnap has a formalized Enterprise Risk Assessment process and governance plan. These efforts include:
- Risk identification through vulnerability scans, threat modeling, and internal feedback.
- Quantification and prioritization based on predefined risk acceptance levels and business objectives.
- Mitigation strategies including policy updates, technical controls, and corrective actions.
- Continuous monitoring and periodic audits to evaluate and refine mitigations.
- Ongoing collaboration with external security experts as needed.
- Integration of risk management with strategic planning and operational decision-making.
- Regular training and internal communication to promote awareness and accountability.
Email Security
Neurosnap adheres to industry-leading practices in email security, leveraging the M3AAWG Sender Best Common Practices Version 3.0 and proprietary enhancements.
- SPF and DKIM with DKIM Rotation: Email authentication protocols are enforced with regularly rotated DKIM keys.
- DMARC Enforcement: Domain-based authentication helps block spoofed and malicious emails.
- DNSSEC Activation: Ensures authenticity of DNS responses and prevents spoofing.
- S/MIME for Email Encryption: Used to encrypt and authenticate sensitive outbound communications.
- TLS Encryption: All outbound emails use TLS to secure transmissions.
- Comprehensive Monitoring: Email traffic is continuously monitored for anomalies and threats.
Neurosnap’s security practices are continuously reviewed and improved in response to emerging threats and new technologies. We remain steadfast in our mission to uphold the highest standards of security and client trust.