Back to Home
SECURITY

Security

Last updated: June 2026 · Genius Applications Software

Our Commitment

At Genius Applications Software, security is foundational — not an add-on. We are committed to protecting the integrity, confidentiality, and availability of your business data.

Encryption in Transit

All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. Older protocols are disabled.

Encryption at Rest

Stored data is encrypted using AES-256. Encryption keys are managed under strict rotation and access policies.

Access Controls

Role-based access controls and multi-factor authentication ensure only authorized users can access your data.

Continuous Monitoring

Our systems are monitored for anomalous activity, unauthorized access attempts, and performance degradation.

Security Frameworks and Standards

Our security design is informed by internationally recognized frameworks and best practices:

  • NIST Cybersecurity Framework — our security program is structured around the Identify, Protect, Detect, Respond, and Recover functions
  • OWASP Top 10 — applied across all application development and code review processes
  • ISO/IEC 27001 principles — our information security management practices align with ISO 27001 design principles

Infrastructure Security

  • Physical data centers with 24/7 security, access controls, and environmental safeguards
  • Network firewalls, intrusion detection systems, and DDoS mitigation
  • Automated backups with point-in-time recovery capabilities
  • Geographically redundant infrastructure to ensure high availability
  • Regular penetration testing and third-party security audits
  • Vulnerability scanning integrated into our deployment pipeline

Application Security

  • Code reviews and static analysis as part of every deployment
  • Dependency scanning for known vulnerabilities (CVEs)
  • OWASP Top 10 mitigations applied across all products
  • Secure session management with automatic expiry and token rotation
  • Input validation and output encoding to prevent injection attacks
  • Security testing conducted prior to every major release

Third-Party and Subprocessor Security

We work with third-party service providers (subprocessors) to operate our platform — including cloud infrastructure, analytics, and communication tools. All subprocessors are required to:

  • Maintain security standards equivalent to or exceeding our own
  • Sign data processing agreements that bind them to applicable privacy obligations
  • Restrict use of your data to the purposes we specify
  • Notify us immediately of any security incident involving your data

Data Isolation

Customer data is logically isolated at the application layer. No customer can access another customer’s data. Our engineering team operates under strict data access policies on a need-to-know basis, and all internal access to production data is logged and auditable.

Incident Response and Breach Notification

In the event of a security incident involving personal data, we will notify affected individuals and relevant authorities as required by applicable law, as soon as feasible after determining a breach poses a real risk of significant harm. We will provide a clear description of the nature, scope, and timeline of the incident, and the steps taken to contain, remediate, and prevent recurrence.

Responsible Disclosure

We take security research seriously. If you discover a potential security vulnerability in our platform, we ask that you report it to us privately before public disclosure. This allows us to investigate and remediate the issue without putting users at risk.

  • We will acknowledge your report within 48 business hours
  • We will keep you informed of investigation progress and expected remediation timeline
  • We will not pursue legal action against researchers who act in good faith under this policy

Employee and Organizational Security

  • All employees and contractors undergo background screening prior to hire
  • Security awareness training is conducted at onboarding and reviewed annually
  • Access to production systems is strictly controlled, logged, and reviewed regularly
  • Departing employees and contractors have access revoked immediately upon separation
  • Confidentiality and data handling obligations are embedded in all employment contracts

Your Responsibilities

Security is a shared responsibility. To protect your account and data, we recommend:

  • Using a strong, unique password for your account
  • Enabling multi-factor authentication (MFA) when available
  • Not sharing account credentials with unauthorized individuals
  • Reporting any suspicious activity to us immediately

Contact

For security inquiries and vulnerability reports, please reach out through our Contact page.