Strada prioritizes security in every aspect of what it does and follows industry best practices to ensure your data is safe.

Hosting

Strada’s infrastructure is hosted on AWS with flexible capacity to ensure uptime and reliability. Customers have access to status.getstrada.com where they can get live updates on the operational status of the Strada platform.

Encryption

Data is encrypted at rest using AES-256 and in transit via SSL and HTTPS.

Secret and password storage

Secrets are stored at rest and encrypted with AES-256-GCM and in AWS Secrets Manager.

Security Testing

Strada conducts regular security audits and, at minimum, annual third-party penetration tests to identify and rectify any vulnerabilities proactively. Third-party vulnerability scanning is also deployed to all production and internet facing systems on an ongoing basis. Open source software vulnerabilities are monitored and patched, when applicable, within 30 days for the most severe vulnerabilities.

SOC 2 Type 2 Compliance

Strada implements policies and follows security procedures that meet or exceed SOC 2 Type 2 standards. Strada is undergoing a SOC 2 Type 2 audit and expects to receive its certification in Q2 of 2024. Detail around the audit engagement can be provided upon request.

Security Questionnaires

If a questionnaire is required as part of a vendor evaluation process, responses can be provided for customers on the Strada Enterprise plan.

How to report vulnerabilities

Email security@getstrada.com with information on security vulnerabilities you discover.