About Security at GoVyrl, Inc.

Last updated: June 3, 2020

GoVyrl, Inc. is dedicated to protecting your personal and company data.  We continuously invest in the security of our platform to improve the privacy, confidentiality, and availability of your data.

Cloud Infrastructure

GoVyrl, Inc.’s application platform runs on Amazon Web Services (AWS) cloud infrastructure hosted in secure SSAE 18 audited data centers.  American Institute of Certified Public Accountants (AICPA) SOC 1,2,3 compliant reports for AWS services are available at https://aws.amazon.com/compliance/soc-faqs/.

Data Center Security

AWS data centers are secure by design and based on strict control of the following key areas.

Scalability & Reliability

GoVyrl, Inc. uses Amazon Web Services to manage user data.  Our databases are designed to automatically scale in capacity and performance as needed.  Our data storage design achieves high availability and durability by replicating multiple copies of data across multiple Availability Zones and backing up data continuously to storage.  Amazon Aurora recovers from physical storage failures, with instance failover typically taking less than 30 seconds.  Additional information is available at aws.amazon.co/rds/aurora.

Network and System Security

GoVyrl, Inc. uses commercially reasonable network security framework and procedures to secure the network and system infrastructure.  We apply the principle of least privilege in network segregation, application firewalls and infrastructure access control.  Intrusion detection, prevention, centralized log management, monitoring and alerting are deployed across the cloud environment to detect, prevent and promptly remediate impact by malicious actors.

Data Encryption

Data in Transit

All transmission of sensitive data is encrypted to protect against identity theft and data loss.  Transport Layer Security (TLS) 1.2 or higher is required to secure transmission of all sensitive data and prohibit insecure connections.

Data at Rest

All data stored in our AWS cloud infrastructure is encrypted using 256-bit AES encryption or higher to protect against identity theft and data loss.

Security and Compliance Orchestration

GoVyrl, Inc. uses cloud security and compliance orchestration software that enables continuous assessment of system security posture. The software actively enforces security controls to protect against identity theft and data loss in the cloud.

Penetration Tests

We work with external security advisors to perform penetration testing of critical systems for independent review of system security posture and cybersecurity risks.

Privacy

We are committed to protecting your personal and company information.  For questions regarding how we can assist you with your California Consumer Privacy Act (CCPA) and General Data Protection Regulation (GDPR) compliance efforts, please review GoVyrl, Inc.’s privacy policy, which describes how we handle your data at getcarro.com/privacy-policy or contact us at privacy@getcarro.com.