Product Security is central to ISMS Policy Generator’s mission.
Audit Logs #
Yes, at ISMS Policy Generator, we log all user activities that occur within our application. We utilize the extensive logging capabilities provided by our application platform, Bubble.
These logs capture various events, enabling us to maintain a secure environment, ensure the integrity of our services, and investigate any potential issues. However, we respect our users’ privacy and handle all data in accordance with our privacy policy and applicable regulations.
Please note that these logs are used solely for the purpose of security, service optimization, and ensuring the best user experience, and are not shared or sold to any third parties.
Single Sign-On (SSO) #
Yes, users can sign into our product using both Google Single Sign-On (SSO) and LinkedIn Single Sign-On (SSO). These features provide secure and convenient access to our services, leveraging the robust authentication mechanisms of Google and LinkedIn.
Multi-Factor Authentication (MFA) #
Our application now requires user authentication to ensure the highest level of security. Users must create accounts and sign in using either Google or LinkedIn Single Sign-On (SSO). For those who do not use SSO, we have implemented multi-factor authentication (MFA). Upon login, these users receive a two-factor authentication (2FA) code via email, which they must enter to access their accounts. This makes sure no one except the user can access their account.
User Access Controls #
Our application now includes user accounts, and each user has access only to their own information. We have implemented robust privacy rules to prevent one user from accessing another user’s data. This ensures that all user information is securely segregated and accessible only by the respective user.
Details:
- User Segregation: Each user can see and manage only their own data.
- Privacy Rules: We have applied strict privacy rules to ensure that user data is isolated and protected from unauthorized access.
- Security: These measures enhance the overall security of our platform, ensuring that user data remains confidential and secure.
By focusing on user-specific access controls and privacy rules, we ensure a secure and personalized experience for all our users.