Security

Security is at the forefront of our innovation

We've always held ourselves to the highest industry standards, especially when it comes to security. The Space.UA team worked hard to achieve SOC 2 Type 2 certification in 2022. You can request a copy of the audit report by writing to security@space[.]ua.

Learn more about security at Space.UA

Security Policies

At Space.UA we strive to define and follow rules according to security best practices. As a result, we have policies covering the following topics:

General Information Security Policy

User Access Charter/Acceptable Use Policy

Password Policy

Business Continuity Plan (BCP)

Disaster Recovery Plan (DRP)

Data Backup and Recovery Policy

Security Incident Management Policy (and processes)

Cryptography Policy

Secure Development Life Cycle (SDLC) Policy

Logical Access Control Policy

Change Management Process

Risk Management Process

Security Controls

We run multiple technical security controls across our platform, including:

Annual penetration test covering our web platform and our mobile applications (iOS and Android).

Quarterly vulnerability scans - external and internal

Bug Bounty Program (private program on YesWeHack)

Code security analysis tool (Static Application Security Testing)

Network Security

At Space.UA, we take network security seriously. This is why we have state-of-the-art multilayer protections:

Firewalls

Web Application Firewall (WAF)

Anti-DDoS (AWS Shield Advanced)

Intrusion Detection System (IDS)

The Space.UA back office is accessible only through a VPN with MFA, and only to staff with a need to know

Data Protection

The security of your data is our highest priority. We use only tried and tested, publicly standardized cryptographic algorithms to protect your data:

Encryption at rest - AES-256

Encryption in transit - TLS v1.2

We also enforce strict access control over data through the use of named (individual) accounts and MFA.

Operational Security

We run regular patch management operations on all our servers and laptops

Space.UA platform logs are sent to a central SIEM and analyzed by a 24/7/365 SOC team for correlation and alerting

BCP/DRP/Resilience/High availability/High capacity

Our architecture is built from the ground up to be highly available by utilizing multiple Availability Zones in AWS. We use load balancers and autoscaling to automatically manage load changes on the platform

We optimize delivery performance around the world with Fastly and CloudFront as CDNs

We have a fully functional Disaster Recovery environment with backups in another AWS region (eu-west-3)

We have a BCP and a DRP that we test annually to ensure we are prepared for potential disaster events

Physical Security

All our data and servers are in AWS data centers, and their security is described here: https://aws.amazon.com/compliance/data-center/controls/

Compliance

GDPR

We have declared our DPO to the French CNIL. You can find our Privacy Policy here: Privacy policy

All Space.UA platform data is hosted in:

AWS Ireland datacenter (main data hosting and data processing)

Mailgun also in EU (for emails only)

SOC 2

We renewed our SOC 2 Type 2 attestation at the end of 2022 and are now working on a continuous audit period. You can request a copy of the latest audit report by writing to security@space[.]ua.

ISO 27001

We are working towards certification in 2023.

Still have questions?  Contact us at security@space[.]ua