At Corgea, security and privacy are at the heart of everything we do. It is our belief that great software delivers value while maintaining the privacy and security of its users' data. Our commitment to these principles is unwavering, and it's evident in every facet of our operations. We have designed Corgea with a foundational emphasis on safeguarding user data and ensuring the highest levels of reliability.
Corgea's approach to data is both proactive and protective. We do not store PII, PHI, or Payment data, and any sensitive data that comes our way is promptly obfuscated or anonymized. Our no-log policy further underscores our dedication to user privacy and security. By leveraging advanced technologies like GraphQL, we minimize data exposure, and our use of tested authentication frameworks and standards ensures that user credentials are securely managed.
Infrastructure security is another area where Corgea shines. Our storage system, Glycogen, is meticulously isolated from the public internet, ensuring a robust defense against external threats. Furthermore, our single-tenant deployment model guarantees data isolation and security for each customer.
The team behind Corgea brings a wealth of experience from previous roles where they built and managed highly scalable applications compliant with stringent regulations such as FedRAMP, ITAR, HIPAA, PCI, and various data privacy standards. This collective expertise ensures that Corgea not only meets but often exceeds industry standards.
In conclusion, Corgea is more than just a service; it's a testament to our unwavering commitment to security and privacy. Our users can rest easy knowing that their data is in capable and caring hands.
Best Regards,
Ahmad Sadeddin
CEO of Corgea
Does Corgea store PII, PHI, and payment data?
Corgea does not store PII, PHI, or Payment data. When Corgea detects sensitive data, it uses advanced algorithms to obfuscate or anonymize the data before storing it. All stored data is encrypted at rest using industry-standard encryption protocols. Corgea has a strict policy of not storing any data that is not flagged for being sensitive.
Does Corgea log any of the data we send it?
Corgea maintains a strict no-log policy. It does not store any raw log data sent to it. Any temporary logs used for debugging or performance monitoring are automatically purged within a short timeframe.
What authentication frameworks or methods does Corgea support?
Corgea relies on Django’s robust authentication framework. By default, Django employs the PBKDF2 algorithm with a SHA256 hash. This password stretching mechanism, endorsed by NIST, ensures that user credentials are securely hashed, making them resistant to brute-force and rainbow table attacks.
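To make the password-stretching answer concrete, here is an added example (not Corgea's or Django's own code) that builds and checks a hash in the `algorithm$iterations$salt$hash` layout Django uses for PBKDF2-SHA256, using only the Python standard library. The iteration count and the helper names `encode`, `verify`, `needs_rehash` and `new_salt` are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import secrets

ALGORITHM = "pbkdf2_sha256"
# Assumption: work factor picked for this example; Django's default changes by release.
DEFAULT_ITERATIONS = 600_000


def new_salt() -> str:
    """Random per-user salt; the URL-safe alphabet never contains '$'."""
    return secrets.token_urlsafe(16)


def encode(password: str, salt: str, iterations: int = DEFAULT_ITERATIONS) -> str:
    """Return algorithm$iterations$salt$base64(derived key)."""
    if "$" in salt:
        raise ValueError("salt must not contain '$'")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return f"{ALGORITHM}${iterations}${salt}${base64.b64encode(dk).decode('ascii')}"


def verify(password: str, encoded: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algorithm, iterations, salt, _ = encoded.split("$", 3)
        if algorithm != ALGORITHM:
            return False
        candidate = encode(password, salt, int(iterations))
    except ValueError:
        # Malformed record: wrong field count, non-numeric or zero iterations.
        return False
    return hmac.compare_digest(candidate.encode(), encoded.encode())


def needs_rehash(encoded: str, minimum: int = DEFAULT_ITERATIONS) -> bool:
    """True when a stored hash was made with fewer iterations than current policy."""
    return int(encoded.split("$", 3)[1]) < minimum
```

Because the salt and iteration count travel with the hash, a stored record created under an older, lower work factor still verifies and can be flagged by `needs_rehash` for re-encoding at the user's next successful login.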