Last updated: October 24, 2022
Manzil (“us”, “our”, “we”) maintains security practices to protect you (the “User”) and the information you provide to us from loss, theft, unauthorized use, and misuse. We take security seriously and want to keep you informed about the steps we take to protect you, without disclosing details that would themselves weaken those protections.
Security Roles
Both virtual and physical security at Manzil are directly managed by our Chief Technology Officer (CTO) and our Lead Infrastructure Engineer.
Infrastructure Security
- All of our services are hosted on AWS and rely on AWS's infrastructure-level security controls
- Application services are deployed across a minimum of two availability zones and use a pilot-light disaster recovery model for unexpected outages
- We maintain and practice a Business Continuity & Disaster Recovery Plan, including regular tabletop exercises
Application Security
- User account data is replicated, regularly backed up, and stored in Canada and Europe
- We commission regular and varied penetration tests from independent third parties to assess vulnerabilities in our applications and services, and promptly remediate any issues found
- We maintain a Responsible Disclosure Policy, to facilitate the safe reporting of vulnerabilities discovered in our product or platform
- Third-party vendors, suppliers, and contractors are evaluated for compliance with our security policies and standards
Physical Security
- Our offices are secured with keycard access and are monitored with cameras throughout
- Our offices are further physically separated from common areas and spaces to which others may have access
Staff Security
- All staff are trained on security best practices during onboarding and receive further training throughout their employment as necessary
- All staff undergo credit and criminal background checks as a prerequisite of employment
- Access to tools, personally identifiable information, and production data is limited to a need-to-know basis
- All employee devices are encrypted and follow strong password policies, and staff use two-factor authentication (2FA) wherever it is available