Last updated: February 2026
Security Policy
Performy's primary priority is the security of customer data. This document details our practices to ensure the Confidentiality, Integrity, and Availability of information.
1. Infrastructure and Certifications
All Performy infrastructure is hosted on Amazon Web Services (AWS). We benefit from the following certifications:
- •SOC-1 / ISAE 3402, SOC-2, and SOC-3.
- •ISO 9001, ISO/IEC 27001, and ISO 27018.
- •PCI-DSS: Payments are managed externally by Stripe, meeting global payment security standards.
2. Storage and Hosting (Ireland)
- •Data Location: To ensure regulatory compliance and data sovereignty, our primary database resides in the EU Region (Ireland, eu-west-1).
- •Resilience: We perform full database snapshots with a 7-day retention period. Backups are Multi-AZ (Availability Zone) to ensure disaster recovery.
3. Encryption and Connectivity
- •In Transit: All data is encrypted using RSA / SHA-256 mechanisms.
- •Secure Protocols: API endpoints are accessible exclusively via TLS/SSL.
- •Certificates: Dedicated SSL certificates managed via Let's Encrypt.
4. Monitoring and Authentication
- •Active Monitoring: CloudWatch and Sentry for infrastructure health and real-time error tracking.
- •Access Control: Access to customer data is restricted to authorized personnel via Two-Factor Authentication (2FA) and granular permission levels.
- •Confidentiality: All employees sign strict Non-Disclosure Agreements (NDAs).
- •SLA: We target a 99.9% Uptime availability for our services.