Geckolyst Security

Certifications

Data Security

At Geckolyst, we prioritize the security of our application and customers' data. Account management, including provisioning and access, is at the discretion of individual account owners.

Changes to the application, web content, infrastructure, and deployment processes are documented as part of an internal change control process. Each version undergoes a mandatory security review to ensure compliance with our internal Information Security Management System (ISMS) policies.

Our product collects limited customer information—name, phone number, and email address—necessary for account creation. For payment purposes, billing details such as name, phone number, billing address, and credit card information are managed by our PCI-compliant payment processor.

Data at rest is encrypted using AES-256 standards, with key management handled by AWS Key Management Service. Data in transit is encrypted using secure TLS protocols.

Application logs are maintained for one year. Customer data backups are carried out in two ways:

• Continuous Data Backup: Maintained across different data centers to support system failover, ensuring that in case of a catastrophe, data loss is limited to five minutes.
• Daily Persistent Storage Backup: Data is backed up daily and retained for seven days.

Development and testing are conducted in separate environments. System access is strictly managed based on the principle of need-to-know, with segregation of duties and quarterly reviews.

Physical Security

Geckolyst’s development center is protected 24/7 by security measures at both the premises and floor levels, ensuring that only authorized individuals have access. The building is secured with barriers and guards, and access to the floor requires biometric authorization. Employees gain office access only after verification with government-issued IDs. Critical areas are accessible only to authorized personnel.

High-importance documents are stored in secure cabinets accessible only to authorized individuals. The office is equipped with surveillance cameras, monitored periodically, and fire safety measures, including alarms and sprinklers. Regular fire drills are conducted to educate employees on emergency procedures. Visitor access is regulated through a formal policy. The office maintains a 24/7 power supply, backed by an alternate system to ensure continuous operation.

Geckolyst hosts its applications and data on Amazon Web Services (AWS), whose data centers have undergone rigorous testing for availability, security, and business continuity.

Application Security

All Geckolyst products are hosted on AWS. We take a multifaceted approach to application security, ensuring that all processes from engineering to deployment adhere to the highest safety standards.

Network Security

Geckolyst’s office network, where updates are developed, is secured with antivirus software and industry-grade firewalls, providing alerts in case of threats or incidents. Firewall logs are reviewed regularly. Access to the production environment is through SSH, with remote access restricted to the office network. Audit logs are generated for each session and reviewed. Access to production systems is secured with multi-factor authentication.

The infrastructure is monitored 24/7 by our DevOps and Security teams for stability and security. Penetration tests and vulnerability assessments are conducted quarterly. We maintain an in-built spam protection system and monitor accounts for potential threats.

Operational Security

Geckolyst employs formal procedures, controls, and defined responsibilities to ensure data security and integrity. Change management processes, fallback mechanisms, and logging and monitoring are part of our operational security. An information security committee oversees and approves organization-wide security policies.

Operational security begins with recruitment, including background checks on new employees. Employees receive extensive training on our information security policies and must acknowledge understanding them. Access to confidential information is restricted to authorized personnel only.

Employees are encouraged to report suspicious activities. Disciplinary actions are taken against policy violations. Security incidents can be reported by customers via security@geckolyst.com.

Geckolyst maintains a database of all information systems, supported by automated tools for tracking changes. Only authorized software is used. No third parties manage software or information facilities, and no development activities are outsourced. All systems are approved by management before use.

External security consultants conduct penetration tests on a duplicate system to ensure resilience. Actual customer data is never used in these tests. Unauthorized tests on the production environment are detected and blocked, with alerts sent to the DevOps and Security teams.

How to Report an Issue

If you discover a security-related issue, please report it to security@geckolyst.com. Feel free to reach out with any queries.