Security + Compliance Policies

Please see the list of security features below sorted by our most common app types.
Disregard any features or considerations that would not apply to the technology your app requires.

If your app type or required security features are not on this list, please contact us at or via phone at 816.547.3411.

Any additional security requirements beyond defaults provided may require adjustments of scope.

A : Online/Cloud/Server Based Applications

ie: Websites, Microsites, Web Apps, Web-Based Experiences

  • Online applications pass OWASP coding assessment (OWASP Application Security Verification Standard 4.0)
  • Applications encrypt passwords with AES-256 encryption
  • By default, applications do not collect any sensitive/non-sensitive PII data
  • When PII data collection is required, it is held in a secure server environment
  • Directories cannot be accessed by users or public visitors
  • Applications are hosted on Bare Metal/dedicated LAMP stack servers (Non-Cloud based)
  • Applications are backed up via AWS glacier storage monthly and held for 3 months
  • Applications are hosted on secure HTTPS URLs

B : Stand Alone Application Security

ie: Android/iPhone/Windows Apps, Desktop/Laptop Programs, Installable EXE or MSI Apps

  • Apps are designed to be able to run without needed administrator access.
  • When possible, apps will save visitor data locally in a secure internal database before attempting to sync the data online. Data can only be synced when an appropriate, stable online connection is available.
  • PII data synced in this manner is never made publically available.
  • App/Server communication is one way and submitted by secure encrypted posts. Only the App can start communication. No remote backdoors are created inside of the Apps.

C : Remote Software Support Security Features

ie: Remote Desktop Control Apps for Field Support

  • Remote software is installed on machines and unauthenticated then installed on completion of support needs.
  • To enable remote support, a person needs to download and install secure A3D remote support software on machine.
  • Remote support software is encrypted by 128-bit AES algorithm inside WebRTC and SSL protocols by default.

D : WebGL Web Applications

ie: Online Virtual Experiences, Web Games

For information regarding WebGL Applications, see our WebGL support page.