Data Security at Pamphlet

Effective Date: February 20, 2025

At Pamphlet, we take the security and protection of your data extremely seriously. This document outlines our comprehensive approach to data security and backup procedures to ensure your information remains safe, accessible, and protected at all times.

1. Data Security Framework

Pamphlet implements a multi-layered security framework designed to protect your data at every level:

a. Encryption & Protection

• All data transmissions are secured with TLS 1.2+ encryption
• All data at rest is protected with AES-256 encryption
• Sensitive information (access tokens, keys) is encrypted at the application level before storage

b. Access Controls

• Role-based access control for all system administrators and support staff
• Strict principle of least privilege for all internal access
• Multi-factor authentication (MFA) required for all administrative access
• Regular access reviews and immediate revocation when staff changes occur

c. Infrastructure Security

• Enterprise-grade DDoS protection
• Advanced intrusion detection and prevention systems
• Regular security patches and updates
• 24/7 infrastructure monitoring and alerting

2. Comprehensive Backup Strategy

Pamphlet maintains a robust backup strategy to ensure your data can be recovered quickly and reliably:

a. Automated Daily Backups

• Full database snapshots are taken automatically every 24 hours
• All backups are encrypted using the same AES-256 standard as live data
• Standard retention period of 7 days for all customers
• Extended retention periods of 14-30 days available for enterprise customers

b. Point-in-Time Recovery

• Advanced recovery capability enabling restoration to any specific moment
• Combines daily physical backups with continuous write logging
• Log files backed up every 2 minutes for minimal data loss potential
• Recovery point objective (RPO) of just 2 minutes in worst-case scenarios
• Available for all enterprise customers and as an add-on for other plans

c. Disaster Recovery

• Geographically distributed backup storage across multiple secure facilities
• Regular disaster recovery drills and testing
• Documented recovery procedures for various failure scenarios
• Ability to restore service with minimal data loss in emergency situations

3. Compliance Certifications

Pamphlet is committed to meeting industry-standard security compliance requirements:

• SOC2 Type 2 Certified: Pamphlet undergoes annual SOC2 audits to verify our security, availability, and confidentiality controls.

• HIPAA Compliance: For customers in healthcare, we offer Business Associate Agreements (BAA) and maintain HIPAA-compliant data handling procedures.

• Regular Third-Party Audits: We conduct regular penetration testing with independent security experts to validate our security posture.

4. Security Best Practices

Pamphlet implements and encourages security best practices:

• Row-Level Security (RLS): Data isolation ensures customers can only access their own data
• Network restrictions and SSL enforcement
• Secure vault management for all secrets and credentials
• Regular employee security training and awareness

5. Incident Response

In the unlikely event of a security incident:

• Our dedicated security team will respond immediately
• Affected customers will be notified promptly with full transparency
• Root cause analysis will be conducted and remediation steps taken
• Comprehensive post-incident reports will be provided as appropriate

6. Data Deletion Policy

When you delete data from Pamphlet:

• Immediate soft deletion makes data inaccessible through the platform
• Hard deletion occurs within 30 days, ensuring complete removal from all systems
• Upon account termination, all customer data is fully removed after the retention period
• Backups containing deleted data are automatically purged as they reach the end of the retention period

7. Commitment to Ongoing Security

Security is never "finished" - Pamphlet is committed to continuously improving our security posture:

• Regular security reviews and updates to our infrastructure
• Staying current with emerging threats and vulnerabilities
• Ongoing investment in security tools, training, and personnel
• Transparent communication about security enhancements

Your data is your most valuable asset, and safeguarding it is our highest priority. By choosing Pamphlet, you're partnering with a company that puts data security at the forefront of everything we do.

For any security concerns or questions, please contact our security team at hi@pamphlet.io.
