Security

Cloud Infrastructure

FutureCustomer.Tech (hereinafter referred to as “FCT”) is hosted on a Virtual Private Cloud on Amazon Web Services which provides a secure and scalable technology platform to ensure we can provide you services securely and reliably.

Perimeter Security

We have deployed Defence in Depth Architecture using a network firewall, web application firewall, DDoS protection layer, and a content delivery network.

Our infrastructure is launched in compliance with the AWS Well Architected Framework and from the security perspective incorporating practices from the AWS Cloud Adoption Framework.

We have a 3-Tier Architecture which incorporates best practices from various standards and certifications.

We have strict network segmentation and isolation of environments and services in place.

We use HTTPS protocol for our website and mobile applications. All communication between the Platform and our servers are protected via 256bit encrypted HTTPS protocol. This prevents MITM (Man in the Middle) attacks on our platform and connection between us and our user is fully secure. We have strict network segmentation and isolation of environments and services in place.

Host Security

We use industry leading solutions around anti-virus, anti-malware, intrusion prevention systems, intrusion detection systems, file integrity monitoring, application control, application and audit log aggregation, and automated patching.

All our servers are launched using the Center for Internet Security Benchmarks for Ubuntu 20.04 LTS.

Data Security

We employ separation of environments and segregation of duties and have strict role-based access control on a documented, authorized, need-to-use basis.

We use key management services to limit access to data except the data team.

Stored data is protected by encryption at rest and sensitive data by application level encryption.

We use data replication for data resiliency, snapshotting for data durability and backup/restore testing for data reliability.

Google API Disclosure

We use Google APIs for several FCT apps and services. Our use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Incident and Change Management

We have deployed mature processes around Change Management which enables us to release thoroughly tested features for you both reliably and securely enabling you to enjoy the FCT experience with maximum assurance.

We have a very aggressive stance on Incident Management on both Systems downtime and Security and have a Network Operations Center and an Information Security Management System in place which quickly reacts, remediates or escalates any Incidents arising out of planned or unplanned changes.

Vulnerability Assessment and Penetration Testing

We have an in-house network security team which uses industry leading products to conduct manual and automated VA/PT activities.

We employ both static application security testing and dynamic application security testing which is incorporated into our continuous integration / continuous deployment pipeline.

Responsible Disclosure

We at FCT are committed about our customer’s data and privacy

We blend security at multiple steps within our products with state of the art technology to ensure our systems maintain strong security measures

The overall data and privacy security design allows us defend our systems ranging from low hanging issue up to sophisticated attacks.

If you are a security enthusiast or a researcher and you have found a possible security vulnerability on FCT products, we encourage you to report the issue to us responsibly.

You could submit a bug report to us at tech@unifynd.com with detailed steps required to reproduce the vulnerability.

We shall put best of our efforts to investigate and fix the legitimate issues in a reasonable time frame, meanwhile, requesting you not to publicly disclose it.

Cookies

We use data collection devices such as “cookies”, etc. on certain parts of the App to help analyse the App Services, user interaction with the App, measure promotional effectiveness, and promote trust and safety. For the sake of clarity, “cookies” are small files placed on your device hard-drive/storage that assist us in providing the App Services. Please be informed that we offer certain features via the App that are only available through the use of a “cookie”.

We also use cookies to allow you to enter a particular password less frequently during a session. Cookies also help us obtain information that assists us in curating the Services more targeted to your interests. You are always free to decline our cookies if your device permits, although in that case you may not be able to use certain features on the app and you may be required to provide a password more frequently during a session.