Security Policy

Animaker, as an organization, is committed to offering the highest standards of security to its customers. Protecting customer data is our utmost priority. In this context, we maintain world-class security standards in protecting the data of our customers. Animaker has employed stringent organizational and technical measures to protect customer data from unauthorized access, usage and misuse.

ISO 27001:2013 Certification

General Data Protection Regulation (GDPR)

California Consumer Privacy Act (CCPA)

Audit and certification:

Animaker works with independent third-party firms to conform to security practices that consistently meet industry best standards. We are an ISO 27001:2013 certified company. Animaker is willing to share the ISO certification upon reasonable request by clients.

Animaker uses the payment processing platform Braintree. For more information on Braintree’s security practices, please see https://www.braintreepayments.com/features/data-security.

Privacy Framework

Animaker makes sure its processes and procedures are compliant with the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). For more details, please see our Privacy Policy.

Vulnerability Testing:

Animaker follows a structured code development and release process. As part of this process, all code is peer reviewed. Animaker makes purpose-built code analysis tools available for engineers to deploy against application code. Animaker also performs continuous post-production tests based on real-time threats. Animaker conducts rigorous internal continuous testing of its application surface through various types of penetration test exercises. In addition, Animaker coordinates external 3rd party penetration testing using qualified and certified penetration testers.

Regular penetration testing and security scans:

The Animaker backend is regularly scanned with industry-standard scanning tools to monitor for and detect vulnerabilities. In addition, twice a year we carry out thorough and detailed penetration testing using third-party penetration testing companies.

Security Training for Animaker Team

All members of our team go through security awareness training on a regular basis.

Data Encryption:

Data in transit and at rest is encrypted. We use AWS KMS (Key Management Service) for all our keys. The data connection to our application is encrypted and authenticated using a strong protocol (TLS 1.2), a strong key exchange (ECDHE_RSA with P-256), and a strong cipher (AES_128_GCM). We use an SSL certificate signed by GoDaddy. All symmetric key encryption commands used within the HSA use the Advanced Encryption Standard (AES) in Galois Counter Mode (GCM) with 256-bit keys. The analogous calls to decrypt use the inverse function. Amazon EC2 EBS volumes are encrypted using AES-256-XTS. This requires two 256-bit volume keys, which is like a 512-bit volume key. The volume key is encrypted under a Customer Master Key and stored along with the volume metadata.

Training / Awareness:

Animaker has a formal and documented security awareness training program, with training during the on-boarding process and further training once every six months.

Incident Response and Reporting System:

Animaker has a documented and formal incident response plan. Animaker performs annual testing of its emergency response processes. Our employees are trained in how to communicate incidents internally, and our customers are kept informed of incidents that affect their service via e-mail. Animaker has a well-defined and rigorous incident management process for security events. If an incident involves customer data, Animaker will inform the customer and support investigative efforts via our support team within 72 hours. After a security event is fixed, we record a detailed root-cause analysis. This is then assimilated by Animaker such that we can detect any actions in the future. Animaker can support properly formed requests for specific tenant data when requested by law enforcement. Individual customers get notified should an incident impact their data.

Build Process Automation:

Animaker has an established automation process that enables us to seamlessly deploy changes to the Animaker application and platform. This enables us to address security issues as soon as possible.

Animaker Infrastructure:

Animaker operates on Amazon Web Services (“AWS”); all our scoped data and systems are hosted on AWS. AWS infrastructure and its network security are therefore taken care of by AWS, as detailed in the AWS SOC2 report. In addition, Animaker's cloud security team periodically monitors and reviews the scoped environment's network configuration and security.

Animaker services and data are hosted on Amazon Web Services (AWS) (us-west-2 and us-east-1). Animaker customer data is stored in multi-tenant datastores. We exercise stringent privacy controls to make sure that each customer's data is kept separate from other customer data. Animaker has integration tests in place to check our privacy controls. These tests are run every time our codebase is updated, and even a single failing test will prevent new code from being shipped to production. Each Animaker system used to process customer data is adequately configured and patched using commercially reasonable methods according to industry-recognized system-hardening standards and security practice.

Transfer of Data:

Animaker data is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS/SSL only and score an "A+" rating on SSL Labs' tests. Animaker uses strong cipher suites and has features such as HSTS and Perfect Forward Secrecy fully enabled. Animaker also encrypts data at rest using an industry-standard AES-256 encryption algorithm.

Authentication:

Animaker believes in the Zero Trust network security model, based on a strict identity verification process. The framework dictates that only authenticated and authorized users and devices can access applications and data. At the same time, it protects those applications and users from advanced threats on the internet. Animaker has a Zero Trust security model in place. Being on the Animaker network grants no additional privileges or corporate resources. Animaker has established two-factor authentication (2FA) and strong password policies on GitHub, Google, AWS, and Intercom to ensure access to cloud services is protected.

Permissions and Admin Controls:

Animaker enables permission levels to be set for any employee with access to Animaker Scoped Systems. Permissions and access can be set to include app settings, billing, and user data.

Monitored Application:

Animaker makes sure that every action on the Animaker network is logged and audited. Production control activities are logged as well.