Security Overview

At Statey, we prioritize the security of your data above all else. This article provides a detailed look into the measures we have put in place to safeguard your information and maintain the integrity of our platform.

Data Encryption

  • All connections to statey.app are required to use HTTPS with a minimum TLS version of 1.1.
  • Data at rest is secured with AES-256 LUKS full-disk encryption.
  • Application-level encryption using AES-256-GCM protects access and refresh tokens.

Access Control

  • Access to critical infrastructure is granted only to essential personnel.
  • Secrets are stored within an enterprise password manager.
  • Infrastructure is reachable only from trusted networks, over SSH using PSK.
  • Statey support staff have access in order to assist end-users.
  • All staff access requires two-factor authentication (2FA).

User Authentication

  • User authentication mirrors Xero's user setup.
  • Changes in user roles in Xero are seamlessly reflected in Statey.
  • Authentication and authorization are delegated to Xero, adhering to configured 2FA settings.

Privacy Policy

  • User data in Statey is never sold to third parties or used for any form of data mining.
  • Xero data is exclusively used to generate accurate statements for customers.
  • Service partners include SendGrid (Twilio) and DigitalOcean, each governed by its own privacy policy.

Regular Security Audits

  • Hosts in Statey's inventory are enrolled in an XDR and SIEM program that checks their configurations against NIST SP 800-series standards.
  • Security events, file-integrity changes, and vulnerability assessment results are monitored continuously.
  • Source code is subject to static analysis for vulnerabilities within our CI/CD pipeline.

Data Backups and Disaster Recovery

  • Daily data backups are performed to ensure data preservation.
  • Full restore is expected within approximately six hours in case of data loss or disruption.

Security Updates and Patching

  • Application-level patching is managed through CI/CD pipelines, with recommended updates applied manually after review.
  • Server-level patching is carried out monthly using automated infrastructure tooling.

At Statey, security is foundational to our service. We are dedicated to maintaining the highest standards of protection for your data. For additional inquiries or concerns, please reach out to our support team. We appreciate your trust in Statey as your preferred solution.