Executive Summary

At Corgea, security and privacy are at the heart of everything we do. It is our belief that great software delivers value while maintaining the privacy and security of its users' data. Our commitment to these principles is unwavering, and it's evident in every facet of our operations. We have designed Corgea with a foundational emphasis on safeguarding user data and ensuring the highest levels of reliability.

The team behind Corgea brings a wealth of experience from previous roles where they built and managed highly scalable applications compliant with stringent regulations such as FedRAMP, ITAR, HIPAA, PCI, and various data privacy standards. This collective expertise ensures that Corgea not only meets but often exceeds industry standards.

In conclusion, Corgea is more than just a service; it's a testament to our unwavering commitment to security and privacy. Our users can rest easy knowing that their data is in capable and caring hands.

Best Regards,

Ahmad Sadeddin

CEO of Corgea

General Security and Privacy Questions

Does Corgea store PII, PHI, and payment data?

Corgea does not store PII, PHI, or payment data. When Corgea detects sensitive data, it uses advanced algorithms to obfuscate or anonymize the data before storing it. All stored data is encrypted at rest using industry-standard encryption protocols. Corgea has a strict policy of not storing any data that is not flagged for being sensitive.

Does Corgea log any of the data we send it?

Corgea maintains a strict no-log policy. It does not store any raw log data sent to it. Any temporary logs used for debugging or performance monitoring are automatically purged within a short timeframe.

What authentication frameworks or methods does Corgea support?

Corgea relies on Django’s robust authentication framework. By default, Django employs the PBKDF2 algorithm with a SHA256 hash. This password stretching mechanism, endorsed by NIST, ensures that user credentials are securely hashed, making them resistant to brute-force and rainbow table attacks.
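To make the salted, stretched storage described above concrete, here is an added example (not Corgea's or Django's own code) that reproduces the `pbkdf2_sha256$<iterations>$<salt>$<hash>` storage layout with the Python standard library. The function names, the `MIN_ITERATIONS` floor and the sample passwords are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
import secrets

MIN_ITERATIONS = 600_000  # assumed policy floor for this example, not a value from the page


def make_hash(password, salt=None, iterations=MIN_ITERATIONS):
    """Return 'pbkdf2_sha256$<iterations>$<salt>$<base64 digest>'."""
    salt = salt or secrets.token_urlsafe(16)  # per-user random salt, never contains '$'
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt.encode(), iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt, base64.b64encode(digest).decode("ascii"))


def parse(encoded):
    """Split a stored value into (iterations, salt, digest), or None if malformed."""
    parts = encoded.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256" or not parts[2]:
        return None
    try:
        iterations = int(parts[1])
    except ValueError:
        return None
    return (iterations, parts[2], parts[3]) if iterations >= 1 else None


def verify(password, encoded):
    """Recompute with the stored salt and work factor; compare in constant time."""
    parsed = parse(encoded)
    if parsed is None:
        return False
    iterations, salt, _ = parsed
    candidate = make_hash(password, salt, iterations)
    return hmac.compare_digest(candidate.encode(), encoded.encode())


def needs_rehash(encoded):
    """True when the stored work factor is below the floor (or the value is unparseable)."""
    parsed = parse(encoded)
    return parsed is None or parsed[0] < MIN_ITERATIONS


if __name__ == "__main__":
    stored = make_hash("correct horse battery staple")  # constructed sample password
    print(stored)
    print(verify("correct horse battery staple", stored), verify("guess", stored))
    print(needs_rehash(make_hash("x", iterations=1000)))
```

Because the salt is random per stored value, the same password yields a different hash each time, which is what defeats precomputed rainbow tables; the iteration count stored alongside it lets old, weaker hashes be detected and upgraded at the next successful login.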

Is the storage system (Glycogen) exposed to the public internet?