Security & Backup Policy

At Part3, safeguarding your data is our priority. We are dedicated to upholding the trust you place in us by providing secure, compliant and reliable services. We regularly assess our security and compliance to ensure we’re up to date with latest developments.

Encryption at rest and in transit: Data and metadata is encrypted under the 256-bit Advanced Encryption Standard, and each encryption key is itself encrypted with a regularly rotated set of master keys. TLS connection is used in reading & writing all data and metadata.

Access control: Identity-based access control is enforced at the application level via OAuth 2.0 standards. Role-based access control is enforced at the organization and project levels.

Admin MFA: All accounts that access code, CI/CD, SMTP, infrastructure, storage and data must have Multi-Factor Authentication enabled. Production-level access is closely monitored.

Regular code analysis: Regular, ongoing dependency scans are performed as part of the CI/CD process to alert any vulnerabilities in the dependency chain. Regular patches are rolled out to host images automatically.

Data storage & backup: Data is stored in a multi-region configuration throughout North America, which is redundant across 3 regions (2 read/write, 1 witness):

• us-central1 (Iowa)
• us-central2 (Oklahoma)
• us-east1 (South Carolina) (witness)

File storage & processing: Based on location, we offer Canadian- and American-specific infrastructure for file storage, processing and backup. Our storage provider claims 99.999999999% (11 9's) annual durability with active-active architecture within a region.

• United States: US multi-region, with US multi-region backup
• Canada: northamerica-northeast2 (Toronto), with backup in northamerica-northeast1 (Montreal)

Backup Policy

Recovery Time Objective: 3 hours

Recovery Point Objective: 1 day

Restore Testing Frequency: Quarterly

Data Backup Cadence: Daily

File Backup Cadence: Daily