Security & Privacy

Document Crunch is proud to maintain a SOC 2 Type II attestation.  Our SOC 2 Type II report is available at our Trust Center.

Product Security

Penetration Testing

Document Crunch has at least yearly third-party vulnerability and penetration testing and promptly remediates all findings according to their severity, as specified in our policies.

Continuous Vulnerability Scanning

Document Crunch uses third party services to scan for known relevant vulnerabilities in our application and infrastructure.  The application and its underlying infrastructure are patched as part of routine maintenance and as a result of identified vulnerabilities to help ensure that the service is hardened against security threats.

Network Security

Access to the platform from the internet is disabled from the edge, with the only access to the platform through an IPSec VPN. The Document Crunch network is segmented to only allow Internet traffic to reach load balancing infrastructure.  Traffic to front-end servers is limited to traffic received directly from the load balancing infrastructure.  Access to server resources that are not customer facing is restricted to internal access and is not permitted from the edge.

Single Sign-On

Document Crunch provides Single Sign-On (SSO) functionality to the customers for whom this is a priority.

Data Protection

Data at Rest

At Document Crunch, we take the security of your data seriously. All datastores containing customer information, along with our S3 buckets, are encrypted at rest. We use the robust AES 256 encryption method to ensure your data is safe and secure at all times.

Secrets Management

Document Crunch uses the AWS Key Management System (KMS) for encryption key management. This system securely houses key materials in Hardware Security Modules (HSMs), preventing direct access to anyone, including our own and Amazon's staff. These keys, stored in HSMs, facilitate encryption and decryption through Amazon’s KMS APIs.

For the secure handling of application secrets, we utilize AWS Secrets Manager and Parameter Store. These secrets are encrypted and stored with stringent access restrictions in place to ensure their security.  Keys to critical infrastructure are rotated quarterly.

Data In Transit

Document Crunch ensures your data stays safe! We use TLS 1.2 or higher to protect data whenever it's sent over networks that might not be fully secure. Plus, our server TLS keys and certificates are expertly managed by AWS and smoothly deployed through Application Load Balancers, keeping your information well-protected at all times.

Enterprise Security

  • All Document Crunch employees and contractors undergo annual security awareness training, and our developers receive additional in-depth training in secure coding practices.

  • Document Crunch uses a risk-based approach to vendor security. When determining the risk rating of a vendor, we consider factors such as their access to customer and corporate data and the character of their integration with our production environment. The security of each vendor is evaluated in order to determine a risk rating for the vendor and whether that vendor is approved.

  • Document Crunch performs background checks on employees when they are hired, in accordance with local laws and regulations.

  • Document Crunch maintains codes of conduct and confidentiality agreements that all our employees and contractors acknowledge and accept.