MadeLabs

Security Policy

MadeLabs takes security very seriously and wants all of our customers to be confident that we do everything we can to protect their data. The following sections describe the specific security practices that we employ.

Authentication

MadeLabs recommends industry-standard OAuth2 authentication through AWS Cognito (or a comparable identity solution such as Identity Provider or GCP Identity Platform), which ensures encryption of data at rest and in transit. These systems are typically PCI DSS, SOC, ISO/IEC 27001, ISO/IEC 27017, ISO/IEC 27018, and ISO 9001 compliant. MadeLabs also recommends second-factor authentication for new accounts, either by email or by text message to a verified device.

Data Security and Backups

MadeLabs requires authenticated access for interaction with our clients' systems and data, following a least-privilege model whenever possible. We take our job as data stewards seriously when we have access to client or end-customer information.

Risk Management

In the event that a vulnerability or bug is detected, MadeLabs will work with clients to implement a hotfix to remediate the issue as soon as possible. All changes to client application code are source controlled, peer reviewed, and tested prior to deployment. We make our best effort not to introduce vulnerabilities or bugs into the applications we support.

Additionally, MadeLabs recommends monitoring vulnerabilities in any library dependencies through the use of GitHub Dependabot (or similar) and providing patches when they are made available.

Application Health and Monitoring

MadeLabs recommends Google Analytics to monitor user behavior, so that we can better help our customers and understand how users interact with the various products we help build for clients. Additionally, we recommend Datadog monitoring to identify performance or error conditions for the purposes of improving the product and resolving customer issues.

Internally, MadeLabs uses both of these products for www.madelabs.io to better help our end-users and improve our offerings and marketing information.