SECURITY AND COMPLIANCE
Who will guard the guards?
OVERVIEW
Since data privacy is our very Purpose for being, we made it a priority to design the Purpose service architecture to hold the strictest standards.
Most importantly:
-
We cannot see your data
-
Your data never leaves your account
And of course, we eat our own dog food and use Purpose for our own compliance.
INFRASTRUCTURE
Purpose is hosted on Amazon Web Services. AWS is responsible for the security of the underlying cloud infrastructure. AWS computing environments are continuously audited, with certifications from accreditation bodies across geographies and verticals, including ISO 27001, FedRAMP, DoD CSM, and PCI DSS. You can read more about their practices here.
ARCHITECTURE
Purpose is deployed in your AWS account to make sure that no data leaves your organization without your control. Data indexing and metadata is only stored in your account as well.
Our service permissions are controlled by your AWS IAM access management. We also recommend that you set up a gateway to limit access from clients to the service.
Our servers also provide authentication and control data (green arrows in the diagram below) to make sure that only authorized users can send requests to the service.
This way the entire path of sensitive data (purple arrows in the diagram below) is under your control
Your AWS Account
Storage
Service
Client
User
