# SECURITY

#### **DATA**

**Data in transit** All data transferred between the user’s browser and Central’s servers is encrypted in transit using TLS 1.2 or later.

**Data at rest** Data is encrypted at rest with AES-256, with key material managed by AWS Key Management Service (KMS). Customer documents and database fields may carry a second layer of AES-256 encryption under customer-specific keys, so that both the platform-managed key and the customer’s own key are required to read them.
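The layered scheme described above, as an added example that is not Central’s own code: a fresh per-document data key (DEK) encrypts the document and is itself wrapped under a key-encryption key (KEK), with a second AES-256-GCM layer under a customer-specific key. Everything here is an assumption of the example: the KEK is a local 32-byte slice standing in for the KMS-managed key, the `Envelope` type and record IDs are invented, and the record ID is bound into the AEAD associated data so that a ciphertext copied from one row cannot be decrypted as if it belonged to another.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// newKey returns a random 32-byte AES-256 key (a KEK made this way is a local stand-in for KMS).
func newKey() []byte {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		panic(err) // crypto/rand failing is not recoverable
	}
	return k
}

// seal encrypts with AES-256-GCM and returns nonce || ciphertext || tag. aad is authenticated
// but not encrypted: binding the record ID into it stops a blob from one row being read as another's.
func seal(key, plaintext, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// open reverses seal; any change to nonce, ciphertext, tag or aad is rejected.
func open(key, sealed, aad []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// Envelope is what gets stored: the per-document DEK wrapped under the KEK, and the document under that DEK.
type Envelope struct {
	WrappedDEK []byte
	Ciphertext []byte
}

// EncryptDocument applies both layers: inner AES-256-GCM under the customer-specific key, outer
// envelope encryption with a fresh per-document DEK wrapped under the KEK, so the KEK never touches data.
func EncryptDocument(kek, customerKey, plaintext []byte, recordID string) (Envelope, error) {
	aad := []byte(recordID)
	inner, err := seal(customerKey, plaintext, aad)
	if err != nil {
		return Envelope{}, err
	}
	dek := newKey()
	outer, err := seal(dek, inner, aad)
	if err != nil {
		return Envelope{}, err
	}
	wrapped, err := seal(kek, dek, aad)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{WrappedDEK: wrapped, Ciphertext: outer}, nil
}

func DecryptDocument(kek, customerKey []byte, env Envelope, recordID string) ([]byte, error) {
	aad := []byte(recordID)
	dek, err := open(kek, env.WrappedDEK, aad)
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	inner, err := open(dek, env.Ciphertext, aad)
	if err != nil {
		return nil, fmt.Errorf("outer layer: %w", err)
	}
	pt, err := open(customerKey, inner, aad)
	if err != nil {
		return nil, fmt.Errorf("inner layer: %w", err)
	}
	return pt, nil
}

func main() {
	kek, custKey := newKey(), newKey() // KMS stand-in key and a customer-specific key
	env, _ := EncryptDocument(kek, custKey, []byte("constructed sample document"), "doc-42")
	pt, err := DecryptDocument(kek, custKey, env, "doc-42")
	fmt.Printf("%s (err=%v)\n", pt, err)
}
```

With real KMS, the `seal(kek, …)` and `open(kek, …)` calls become KMS `GenerateDataKey` and `Decrypt` requests and the KEK never leaves the service. The split also makes rotation cheap: rotating the KEK means re-wrapping the stored DEKs rather than re-encrypting every document, and rotating a customer key touches only that customer’s inner layer.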

**Data center security** Central uses Amazon Web Services (AWS) to host its production servers and supporting services. Central uses Neon ([neon.tech](https://neon.tech/)) for hosted Postgres databases; Neon in turn runs its service and database instances on AWS.

**Data availability** Central’s production systems and data are backed up regularly. Backups are tested periodically against a checklist that verifies the data was recorded and is usable.

#### **DEVELOPMENT & TEAM**

**Access controls** Access to Central’s systems is limited based on employee roles and responsibilities. The principle of least privilege is enforced.

**Testing and review** All changes to our application are subject to peer review and testing before being merged.

**Separate environments** Central maintains segregated testing, development, and production environments.

**Dedicated team** Central has a dedicated security team to enforce secure practices and respond to security incidents quickly and efficiently.

**Policies** Central maintains a robust set of security policies that are updated periodically to keep pace with an evolving threat landscape. Policies are communicated to employees and available for review at any time.

#### **VULNERABILITY MANAGEMENT**

**Vulnerability scanning** Central uses AWS security tooling to continuously scan its applications, systems, and infrastructure for potential security risks and vulnerabilities.

**Code analysis** Central’s code repositories are regularly scanned for security issues using static code analysis.

**Responsible disclosure** We welcome responsible disclosure from security researchers, though Central does not offer a bug bounty or other rewards for submitted reports at this time.

#### **PRODUCT**

**Multi-Factor Authentication** Central allows you to add an extra layer of security to your account by enabling two-step verification, also called two-factor authentication (2FA). With it enabled, a stolen or guessed password alone is not enough to access your account. Central supports both SMS and TOTP (authenticator app) codes; of the two, TOTP is the stronger option, since SMS codes can be intercepted through SIM swapping or weaknesses in carrier networks.
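How TOTP two-factor codes work, as an added example that is not Central’s code: RFC 4226 HOTP over a counter derived from the clock (RFC 6238), a verifier that tolerates one time step of clock drift, compares in constant time and refuses a step that has already been redeemed, and the `otpauth://` enrollment URI that authenticator apps read from a QR code. The issuer name, account, and the RFC 6238 test secret are constructed inputs, and the 30-second step, 6 digits and SHA-1 are the RFC defaults, not a statement about Central’s configuration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	"net/url"
	"strconv"
	"strings"
	"time"
)

const (
	totpStep   = 30 // seconds per code (RFC 6238 default)
	totpDigits = 6  // code length
	totpSkew   = 1  // accept one step either side to absorb clock drift
)

// hotp computes an RFC 4226 HOTP-SHA1 code for a single counter value.
func hotp(secret []byte, counter uint64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, secret)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f // dynamic truncation offset
	code := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	mod := uint32(1)
	for i := 0; i < totpDigits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", totpDigits, code%mod)
}

// totp is HOTP with the counter derived from Unix time (RFC 6238, T0 = 0).
func totp(secret []byte, unix int64) string {
	return hotp(secret, uint64(unix/totpStep))
}

// verifyTOTP accepts a code for steps [now-skew, now+skew]. lastUsed is the
// highest step this user has already redeemed; any step at or below it is
// rejected so a sniffed code cannot be replayed inside the skew window.
// The comparison is constant-time so a wrong digit does not leak timing.
func verifyTOTP(secret []byte, code string, unix, lastUsed int64) (bool, int64) {
	cur := unix / totpStep
	for d := int64(-totpSkew); d <= totpSkew; d++ {
		step := cur + d
		if step <= lastUsed {
			continue
		}
		if subtle.ConstantTimeCompare([]byte(hotp(secret, uint64(step))), []byte(code)) == 1 {
			return true, step
		}
	}
	return false, 0
}

// decodeSecret parses the base32 secret as authenticator apps display it:
// case-insensitive, with optional spaces and optional padding.
func decodeSecret(b32 string) ([]byte, error) {
	s := strings.ToUpper(strings.ReplaceAll(b32, " ", ""))
	s = strings.TrimRight(s, "=")
	return base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(s)
}

// otpauthURI builds the enrollment URI that is rendered as a QR code.
func otpauthURI(issuer, account string, secret []byte) string {
	q := url.Values{}
	q.Set("secret", base32.StdEncoding.WithPadding(base32.NoPadding).EncodeToString(secret))
	q.Set("issuer", issuer)
	q.Set("algorithm", "SHA1")
	q.Set("digits", strconv.Itoa(totpDigits))
	q.Set("period", strconv.Itoa(totpStep))
	return "otpauth://totp/" + url.PathEscape(issuer+":"+account) + "?" + q.Encode()
}

func main() {
	// RFC 6238 test secret (constructed input, not a real credential).
	secret := []byte("12345678901234567890")
	fmt.Println(otpauthURI("Central", "alice@example.com", secret))
	fmt.Println("code at t=59:", totp(secret, 59)) // RFC 6238 vector: 287082
	now := time.Now().Unix()
	ok, step := verifyTOTP(secret, totp(secret, now), now, -1)
	fmt.Println("current code accepted:", ok, "step", step)
	ok, _ = verifyTOTP(secret, totp(secret, now), now, step) // same step presented again
	fmt.Println("replay accepted:", ok)
}
```

The `lastUsed` step has to be persisted per user (a database column, not process memory), or replay protection disappears across restarts; the shared secret itself should be stored encrypted, since anyone who reads it can generate valid codes. SMS has no client-side equivalent of this check because the server, not the user’s device, generates the code, which is one reason SMS is the weaker of the two options.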

**Fraud monitoring** Central’s financial partners monitor customer accounts and transactions to help prevent fraud.
