Sublime LogoClose


Security at Sublime

Below you'll find a high-level overview of the processes, procedures, and other technologies we've put in place to ensure the security of our platform.

General practices

  • Access to servers, source code, and third-party tools are secured with non-SMS two-factor authentication.
  • We use strong, randomly-generated passwords that are never re-used.
  • All user data is encrypted in transit and at rest.
  • Employees and contractors are given the lowest level of access that allows them to get their work done. This rarely includes access to production systems or data.
  • We use automatic security vulnerability detection tools to alert us when our dependencies have known security issues. We are aggressive about applying patches and deploying quickly.
  • We don't copy production data to external devices (like personal laptops).

Data encryption in transit and at rest

By default all communications with the Sublime Service are encrypted using industry-standard communication encryption technology. Sublime currently uses Transport Layer Security (TLS), with regular updates to ciphersuites and configurations.

All user data is encrypted at rest.

We monitor the changing cryptographic landscape closely and work promptly to upgrade the service to respond to new cryptographic weaknesses as they are discovered and implement best practices as they evolve.

Infrastructure security

All of our services run in the cloud and are built on Amazon Web Services (AWS). AWS is GDPR-ready, ISO/IEC 27001, SOC 2, and PCI DSS compliant.

You can read the compliance documentation for AWS here.

Network security

Sublime regularly updates network architecture schema and maintains an understanding of the data flows between its systems. Firewall rules and access restrictions are reviewed for appropriateness on a regular basis.

Data access

Access to user data stored on the Sublime Service is restricted within Sublime to employees and contractors who have a need to know this information to perform their job function, for example, to provide user support, to maintain infrastructure, or for product enhancements.

Sublime currently requires the use of single sign-on, strong passwords, and non-SMS two-factor authentication for all employees to access production servers for the Sublime Service.

Code assessments

The software we develop for the Sublime Service is continually monitored and tested using a process designed to proactively identify and remediate vulnerabilities. We regularly conduct:

  • Automated source code analysis designed to find common defects
  • Peer review of all code prior to being pushed to production
  • Manual source code analysis on security-sensitive areas of code
  • Third-party application security assessments and penetration tests performed annually

Personnel practices

Sublime conducts mandatory background checks on all employees before employment, and employees receive privacy and security training during onboarding as well as on an ongoing basis.

Employees and contractors sign agreements that require them to protect the security and confidentiality of any sensitive information they access.