SECURITY OF INFORMATION
Infrastructure: Our platform technology is built using the latest advancements in architecture and storage. We believe that security of information is paramount. In addition to implementing Amazon Web Service Cloud securities, EarthX routinely employs third party security audits. We conduct regular security audits both internally and with 3rd parties s to review our hardware, software, and physical security configurations. Our offices are also equipped with access control and 24 hr surveillance.
EarthX will also be available as a desktop browser application to view on personal computers running Windows edge browser, Mac OS X 10.3.9 and above, Android 5.0 and above, and FreeBSD. EarthX will be also be released as iOS and Android applications. Application security reflects agreements and meeting the necessary requirements set forth in the application submission, review, and deployment terms and conditions of relevant applications with apple, google, and microsoft.
Personal Information and Accounts: Account management is done through Amazon Web Services (AWS) Cognito with a two-factor authentication for logins to help protect your account information. Integration with other services such as MapBox also utilize a two-factor authentication process with a unique token containing granular control over access to your account resources.
Software security: We monitor documented threats from public security research databases (such as the Common Vulnerabilities and Exposures catalog), and we run automated vulnerability scanners, including retire.js and nsp, at regular intervals and before each deploy. Our developers receive training for secure software development, including Open Web Application Security Project guidelines. All major code changes are subject to a multi-point code review with specific attention paid to security.
DDoS mitigation: Maps and location can be emotionally and politically charged subjects. We maintain firewalls on our edge servers and origin load balancers to protect against bandwidth and protocol-based attacks, and we use intelligent web application firewalls and elastic scaling of our compute capacity to mitigate attacks at the application layer, including complex and evolving attacks.
Data security: EarthX uses telemetry through SDKs to collect anonymous data about how users interact with the map to help developers build better location based applications. This information helps us understand aggregated stats about map usage and how people interact with map layer and geostories which enable EarthX to make improvements to the overall application experience. Mobile telemetry data is stored in a dedicated pipeline through secure AWS protocols. All customer data is stored with at least dual redundancy and we've designed our storage solution for 99.9999% uptime. EarthX accounts come with built-in AES256 encryption-at-rest.
Private maps: New maps are set to private mode by default Users can regulate the sharing rights of their content by making maps public or limited sharing and viewing rights through control permissions contained in their secure account. Existing public maps can be made private with a single click. Map and Geostory authors can also create, revoke, and monitor the usage of their map layers through their dashboards.
Logging: We log activity across our platform, from individual API requests to infrastructure configuration changes. Logs are aggregated for monitoring, analysis, and anomaly detection and archived in vaulted storage. We implement measures to detect and prevent log tampering or interruptions.