Developer Docs

Security Controls and Data Handling

Product Name: SpinCrunch.

Version: 2.0.0

Prepared By: Security and Compliance Team.

Date: 2023-06-12.

# 1. Secure APIs

# 1.1 Transport Security

  • All API endpoints are served over HTTPS using TLS 1.2+ with strong cipher suites.
  • HTTP requests are redirected to HTTPS to prevent downgrade attacks.
  • HSTS headers are enforced on all client applications.

# 1.2 Authentication and Authorization

  • API access is secured via OAuth 2.0 Bearer Tokens.
  • Token scopes define permission boundaries
  • Client secrets are securely stored and hashed.

# 1.3 API Security Features

  • Rate Limiting: Requests per client are throttled to prevent abuse.
  • Input Validation: All incoming payloads are validated using JSON schemas.
  • Logging: All requests are logged with user ID, payload and timestamp.
  • IP Whitelisting: Available per client request.

# 2. End-to-End Encryption

# 2.1 Encryption In Transit

  • TLS 1.2/1.3 is used for all communications.
  • Mutual TLS available for enterprise.

# 2.2 Encryption At Rest

  • AES-256 encryption is used.
  • Keys managed via AWS KMS with auto-rotation.

# 3. Data Masking

# 3.1 Production Masking

  • Sensitive data masked for non-privileged roles.

# 3.2 Non-Production Masking

  • Non-prod environments use masked or synthetic data.

# 3.3 Logs and Debugging

  • Logs automatically redact sensitive values. (Phone Numbers, emails etc)

# 4. Access Logging and Auditing

# 4.1 Audit Trail

  • Logs include timestamp, user ID, action, IP

# 4.2 Log Retention

  • Retained for 180 days; extendable to 1 year.

# 4.3 Access Monitoring

  • Admins can review user access; alerts on anomalies.

# 5. Data Storage & Handling

# 5.1 Storage Regions

  • Data stored in AWS eu-East-1.

# 5.2 Encryption at Rest

  • AES-256 encryption; keys in KMS.

# 5.3 Data Retention and Erasure

  • GDPR-compliant retention and deletion.

# 5.4 Backups and Recovery

  • Daily encrypted backups; tested quarterly.

Sandbox Credentials