Security
NewLine.ai Security
At NewLine.ai, we understand the importance of online security and the need for various types of safety measures to protect the data entrusted to us by our clients.
We recognize that the cyber threats facing us, our clients, and the financial services industry as a whole are more significant than ever. Therefore, we have implemented advanced and robust information security procedures and a fully redundant infrastructure without single points of failure to ensure the ongoing protection and continued availability of our SaaS applications, networks, and systems. Our workspace environments are fully remote running on Google Cloud environment and SaaS applications hosted on Amazon Web Services and protected by Cloudflare reverse proxy and web firewall.
Physical Security
Our server infrastructure utilizes leading cloud service providers such as Amazon Web Services and Google Cloud Platform. The data is stored on hardened equipment using multiple security controls in multi-region data centers facilities with CCTV, two-factor authentication, environmental controls, and monitoring. All data center locations maintain on-site power generation capacity, ensuring we can continue providing service through most power outages.
Corporate Security
NewLine.ai leverages internal services that require transport level security for network access and individually authenticate users by way of a central identity provider and leveraging two factor authentication wherever possible.
All NewLine.ai personnel undergo regular security and privacy awareness training that weaves security into technical and non-technical roles; all employees are encouraged to participate in helping secure our customer data and company assets. Security training materials are developed for individual roles to ensure employees are equipped to handle the specific security oriented challenges of their roles.
Authentication and Access Management
End users may log in to NewLine using an Identity Provider. This service will authenticate an individual’s identity and may provide the option to share certain personally identifying information with NewLine, such as your name and email address to pre-populate our sign up form.
All requests to the NewLine API must be authenticated. Requests that write data require at least reporting access as well as an API key. Requests that read data require full user access as well as an application key. These keys act as bearer tokens allowing access to NewLine service functionality.
Protection of Customer Data
Data submitted to the NewLine by authorized users is considered confidential. This data is protected in transit across public networks and encrypted at rest. Customer Data is not authorized to exit the NewLine production environment, except in limited circumstances such as in support of a customer request.
All data transmitted between NewLine and NewLine’s users is protected using Transport Layer Security (TLS) and HTTP Strict Transport Security (HSTS). If encrypted communication is interrupted the NewLine application is inaccessible. Access to Customer Data is limited to functions with a business requirement to do so. NewLine has implemented multiple layers of access controls for administrative roles and privileges. Read more