Security Commitments & Practices

At Proxi.id, we’re in the business of verifying affiliation, not collecting personal data. Security and privacy are foundational to everything we build.

Below is a high-level overview of our security commitments and practices.

Organizational Security

Information Security Program - We have an Information Security Program in place that is communicated throughout the organization. Our program is built upon industry-standard security frameworks and best practices.

Roles and Responsibilities - Roles and responsibilities related to our Information Security Program and the protection of our customers’ data are well defined and documented. Our team members are required to review and accept all security policies.

Security Awareness Training - Our team members are required to complete employee security awareness training covering industry-standard practices and information security topics such as phishing and password management.

Confidentiality - All team members are required to sign and adhere to an industry-standard confidentiality agreement prior to their first day of work.

Application Security
  • Secure Development Lifecycle: We have embedded security throughout our code pipeline to identify and remediate vulnerabilities before they reach production.
  • Static Application Security Testing (SAST): We perform SAST to identify vulnerabilities in our custom code during development.
  • Dynamic Application Security Testing (DAST): We use DAST to identify vulnerabilities in our live applications under real-world conditions.
  • Software Composition Analysis (SCA): We use SCA to identify vulnerabilities and potentially malicious code in third-party libraries and dependencies.
  • Container Security: Our containers are compliant with CIS benchmarks for container runtime security.
  • Functional Testing: We perform comprehensive functional testing to ensure our applications operate securely and as intended.
  • External Penetration Testing: We conduct independent third-party penetration testing on an annual basis to ensure our security posture remains strong.

Cloud Security

Cloud Infrastructure Security - Our core production services are hosted with Microsoft Azure, which employs a robust security program with multiple certifications. For more information on our provider’s security processes, please visit Azure Security.

Data Hosting Security - All of our Azure hosted databases are located in the United States and Canada.

Security Controls
  • Encryption at Rest: All databases are encrypted at rest.
  • Encryption in Transit: Our applications encrypt data in transit using TLS/SSL only.
  • Vulnerability Scanning: We perform regular scanning and actively monitor for threats.
  • Logging and Monitoring: We actively monitor and log various cloud services.

Resilience and Response
  • Business Continuity and Disaster Recovery: We use our data hosting provider’s backup services to reduce any risk of data loss. We utilize monitoring services to alert the team in the event of any failures.
  • Incident Response: We have a formal process for handling information security events, including escalation procedures, rapid mitigation, and communication.

Access Security
  • Multi-Factor Authentication (MFA): MFA is required to access all of our core systems, including administrative access.
  • Permissions and Authentication: Access to cloud infrastructure is limited to authorized employees via SSO and strong password policies.
  • Least Privilege: We follow the principle of least privilege for all identity and access management.
  • Password Management: All team members utilize company-issued password managers to maintain complexity and security requirements.

Vendor and Risk Management

Annual Risk Assessments - We undergo at least annual risk assessments to identify any potential threats, including considerations for fraud.

Vendor Risk Management - We work with a limited number of trusted third-party providers to deliver our services. Vendor risk is determined and appropriate reviews are performed prior to authorizing any new vendor. All vendors undergo a risk assessment to ensure they operate strong security programs and comply with industry-standard cybersecurity frameworks, such as SOC 2 Type II. As part of our vendor management program, we perform annual evaluations to identify potential security exposures and fraud risks related to our service providers.

Contact Us

If you have any questions, comments, or concerns, or if you wish to report a potential security issue, please contact secops@proxi.id.

Last updated: January 24th 2026

Last Reviewed: January 24th 2026