Drafted members entrust us with their information every day and we take their security seriously. Our core value of putting our members first powers all of the decisions we make, including how we manage and protect the data of our members and customers. We never stop working to ensure Drafted is secure.
Drafted services run on Amazon Web Services (AWS) and DigitalOcean, which are physically secure, employ modern software security techniques, and require multi-factor authentication for access. The AWS and DigitalOcean clouds meet several global security standards such as ISO 27001 and SOC.
We use a third-party service to ensure that all of our dependencies are up to date and patched if a patch is available. When new known vulnerabilities are found, we are immediately notified with a recommended action to take. Critical vulnerabilities are typically patched the same day and non-critical ones within 2 weeks.
Drafted does not store any data on-premises. We use AWS for all data storage and processing, which complies with stringent security requirements.
Drafted uses database replication and periodic snapshots to avoid data loss. In case of data loss, we can use replicas to quickly recover to a known previous state.
Drafted supports SSO using OAuth2 for Google Sign In. Any private keys used for encryption are encrypted themselves when stored on local computers only. Two-factor authentication is used on every hosting provider Drafted uses.
Our employees know how to handle your data: we enforce multi-factor authentication for all internal systems and third-party services where it is supported, and an internal data access policy is required learning for new employees. No data on Drafted is ever transmitted over an insecure connection, even between internal microservices.