
Security and Privacy at cside

Security and privacy run in our veins. Our unique approach to securing third-party scripts, combining cutting-edge technology with AI expertise, sets us apart in protecting B2B SaaS, e-commerce, and websites utilizing third-party scripts.

Governance

At cside, we prioritize the security and privacy of our users. We are committed to protecting your personal information and ensuring a safe environment for all our services.

Each cside employee is tasked with maintaining compliance with applicable frameworks. We hold each other accountable and use tools to continuously monitor and audit our actions and systems.

Our policies are based on the following foundational principles:

Least Privilege Access

Access is limited to those with a legitimate business need and granted based on the principle of least privilege for the minimum time required.

Defense-in-Depth

Security controls are implemented and layered according to the principle of defense-in-depth.

Consistency

Security controls are applied consistently across all areas of the enterprise.

Continuous Improvement

The implementation of controls is iterative, continuously maturing across the dimensions of improved effectiveness, increased auditability, and decreased friction.

Compliance and Certifications

We undergo audits and receive certification against leading third-party standards.

trust.cside.com
GDPR
SOC 2
PCI DSS

Data Protection

Data at Rest

All datastores containing customer data, including S3 buckets, are encrypted at rest. Sensitive collections and tables also use row-level encryption. This means the data is encrypted even before it hits the database, ensuring that neither physical access nor logical access to the database is sufficient to read the most sensitive information.

Data in Transit

cside uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. We also implement features such as HSTS (HTTP Strict Transport Security) to maximize the security of our data in transit. Server TLS keys and certificates are managed by AWS and deployed via Application Load Balancers.

Secret Management

Encryption keys are managed with AWS KMS and stored in HSMs, inaccessible to both Amazon and cside staff. Keys are only used through KMS APIs for encryption and decryption. Application secrets are securely kept in AWS Secrets Manager and Parameter Store with limited access.

Why Leading QSAs Prefer cside

Only cside delivers
A PCI-specific dashboard to easily report on 6.4.3 & 11.6.1, validated by Viking Cloud (Mastercard’s QSA)
Real-time payload inspection before it hits the browser
DOM-level, time-based, and dynamic threat detection
Full forensic history of every script ever served