Data security & Confidentiality

Bench3D considers data and IP security to be of utmost importance and takes rigorous measures to ensure their protection. We use state-of-the-art security practices and trusted technology providers to ensure the security of our platform. The security measures include enforced HTTPS/HSTS, TLSv1.2 with ECDHE/AES256GCM encryption, encryption of sensitive data such as passwords and tokens, a cloud-native architecture in a secured VPC network, internal OWASP security reviews, disaster-tolerant and GDPR compliant storage, and private document access. By implementing these security measures, we protect our users' data from unauthorized access and potential breaches.

Enforced HTTPS/HSTS for all services and communication.

Client requests and backend internal communication go through TLSv1.2 with ECDHE/AES256GCM encryption to prevent man-in-the-middle attacks. We have an overall rating of A in SSL Labs tests.

Encrypt sensitive data like passwords and tokens.

Credentials are hashed with one-way hash functions and random salt. Bench3D employees cannot see or decrypt account passwords. Even if our database was compromised, your passwords will remain safe.

State-of-the-art cloud-native architecture in secured VPC network.

Bench3D systems are managed with the most recent stable Kubernetes ecosystem software. All services remain internal and inaccessible to the outer world, except for the only user-facing HTTPS service, minimizing possible attack surfaces.

Bench3D relies on Amazon Web Services (AWS) for infrastructure security. Bench3D runs on AWS EC2 computing instances which rest inside AWS secured VPC network. AWS excellent security solutions are certified to meet compliance requirements.

Conduct internal OWASP security reviews regularly, including infrastructure and code.

On the application level our experienced DevOps and QA team work relentlessly to keep the system safe and secure. We do regular frontend and backend code reviews and automated tests to prevent XSS attacks and SQL injection attacks and the like. With more monitoring/measuring tools in place, we are getting to a higher level in risk management.

Disaster tolerant and GDPR compliant storage.

Bench3D data is synced and backed up to multiple storage facilities in EU regularly.

Any new document is private by default, access is only granted upon invitation.

Any document uploaded to Bench3D is private by default, meaning only the user that uploaded the document has access to the document, and henceforth is considered the owner of that document.