Entry's mission is to facilitate the shift from a service provider owning user identities, sensitive PII, and credentials to a user-owned digital identity, PII, and credentials. It was designed to put a user in control of their digital identity, to provide transparency and control over how and where their data is used, with an ability to govern access to it.
We follow industry best practices to develop and deliver our product securely.
We adhere to the highest industry standards for data security using MFA and encryption.
We challenge our assumptions through third-party collaborations and frameworks.
We follow industry best practices, so security is baked right into our product and regular development processes – including security design reviews, code reviews, unit & integration tests.
All engineers are required to know OWASP vulnerabilities and use libraries, frameworks, and mitigations vetted and recommended by the security community, such as Strict CSP.
We regularly update our servers, tools, and libraries, and patch vulnerabilities as they are discovered. Our application, host, and network are automatically scanned. We also automatically detect out-of-date dependencies.
Data in transit runs entirely over SSL, with an A+ from Qualys SSL Labs. Data at rest is encrypted with AES 128/256. All passwords are hashed using bcrypt and billing information is entirely managed by our PCI-compliant payments provider (Stripe).
Secrets are stored securely and never in source code. Access to our infrastructure and related services requires SSH and two-factor authentication when possible.
We are committed to making Slab highly available. Our infrastructure runs on fault-tolerant systems and backups are made daily. We leverage redundant third-party providers to provide 24/7 monitoring and alerting of any downtime.
Trust and Verification
We conduct annual penetration tests on our application and infrastructure. These audits are conducted by respected independent security firms. Any issues surfaced are tracked and prioritized through to resolution.
Slab is hosted on Google Cloud Platform, a leading cloud provider that holds rigorous industry security certifications, such as SOC 2 and ISO 27001.
Slab itself is certified under SOC 3, SOC 2 Type 2, and EU-US and Swiss-US Privacy Shield, as well as being fully compliant with the EU General Data Protection Regulation (GDPR).