Security & Compliance

As the enterprise ready webhooks service, security is baked into everything we do. We follow stricter security protocols than industry best practices and have a strong security posture, to ensure that our customers never need to worry about security and compliance.

Encryption

All communications between customers and the Svix APIs and web applications are secured using TLS 1.2 or TLS 1.3. Encryption is also employed for all communication between internal Svix services as well as external.

Data persisted by the Svix service is encrypted at rest using 256-bit AES.

Authentication

Svix utilizes API token authentication for API access. API tokens can be safely rotated with a configurable expiry period to ensure operational continuity even when API keys are suspected to be compromised.

For access to the Svix dashboard, Svix uses short-lived JWT tokens so that even if leaked, they will have limited value.

Access to production systems and data

The Svix team has no access to production systems, networks, and data, not even through a VPN. Code and infrastructure changes go through strict code review and are deployed automatically once approved by team members and passing the appropriate tests and checks.

Business continuity

Svix has processes and policies in place to ensure the business continuity of its systems and operational. Production systems all have redundancies, and are configured for automatic failover and automatic scaling. The Svix team undergoes yearly business continuity training, and disaster recovery practice.

Compliance

Svix undergoes an annual SOC 2 Type II audit of our product, infrastructure, and policies, done by a third party auditor; a HIPAA attestation by a third party; a PCI-DSS attestation; and is GDPR and CCPA compliant. Svix also lets its customers choose which region they operate in to comply with data locality regulations.

Svix undergoes yearly penetration tests using a third party firm, and employs automatic code and network security scanners that continuously verify the security of its code, servers, and networks.

SOC2 CertificationHIPAA CompliantPCI-DSS CompliantPIPEDA CompliantGDPR ReadyCCPA Ready

Contact

If you have any questions about the Svix security and compliance practices, please contact us at security@svix.com.