Updated: Apr 27, 2024

Lucidya supply chain management

This document outlines Lucidya’s position within the supply chain and its associated dependencies and responsibilities.

1. SaaS Provider:

  • Primary Role: We are a Business-to-Business (B2B) SaaS provider delivering our software application to companies.

2. Supply Chain Dependencies:

  • Cloud Provider: Amazon Web Services (AWS) provides the underlying infrastructure for our SaaS platform.
  • Software Development: We develop and maintain our application in-house using Ruby on Rails for the backend and React JavaScript for the frontend. There are no external vendors for development tools.
  • Identity and Access Management (IAM):
    • Developers: JumpCloud is used for internal developer access control.
    • Customers: Customers leverage Single Sign-On (SSO) through Auth0 using their existing email providers for authentication.

3. Data Processing:

  • We store basic customer data including email addresses, names, and phone numbers.
  • We collect additional data from social media platforms through authorized APIs.
  • All data is encrypted at rest and in transit within our database.

4. Security Practices:

  • We adhere to SOC 2 compliance standards for security best practices.
  • Security practices are documented and integrated with a security information and event management (SIEM) tool (VANTA).
  • Penetration testing and access control testing are performed annually.
  • We have a documented incident response plan to handle security incidents.
  • We utilize encryption for processing data, both at rest and in transit, to safeguard sensitive information.

5. Business Continuity and Disaster Recovery (BCDR):

  • We have a BCDR plan in place with minimal impact expected from disruptions with AWS.
  • As a contingency plan, we have evaluated Google Cloud Platform (GCP) as a potential alternative cloud provider.
  • To ensure readiness, we conduct weekly disaster recovery training and restoration tests across all our environments. This proactive approach validates our ability to recover quickly and minimize downtime in case of an actual incident.

6. Analytics:

  • We use Google Tag Manager and HubSpot ELK for website analytics.