Security
Overview
Impossible Software maintains strict security controls at every layer, from physical infrastructure to application logic. Security is a shared responsibility between Impossible Software and our customers. We continuously monitor, audit, and improve our security posture to protect your data.
Shared Responsibility
Users must safeguard their account access through proper management of API keys and security credentials. You are responsible for maintaining the confidentiality of your authentication tokens and for any activity that occurs under your account.
Confidentiality
Impossible Software enforces strict employee access controls. Employees are granted access to customer data only when necessary for service delivery or support purposes. All access is subject to audit logging and regular review.
Physical Security
Our infrastructure is hosted in AWS data centers that are certified under ISO 27001 and FISMA compliance standards. These facilities feature military-grade perimeter security and require two-factor authentication to be passed at least three times for data center access. All physical access is logged and monitored. Visitors must present valid identification and be escorted at all times.
Network Security
Firewalls are configured to restrict both external and internal access to only what is required. Our infrastructure includes protection against IP spoofing, MAC spoofing, and ARP spoofing. Packet sniffing is prevented at the hypervisor level. Port scanning by customers is prohibited and actively monitored.
Data Security
- All API and database connections are secured with HTTPS/SSL encryption.
- Optional AES 256-bit encryption at rest is available for sensitive data.
- Users maintain full control over data retention and purging policies.
- Storage media is decommissioned following DoD and NIST standards to prevent data recovery.
Business Continuity
- Multi-region and multi-Availability Zone deployment for high availability.
- Nightly backups with daily snapshots; five snapshots retained at all times.
- Backup restoration testing conducted every 90 days.
- Centralized logging with automated monitoring and alerting.
- Customers are notified promptly in the event of a security incident.