Data hosting
Sitemate runs on AWS’s global cloud infrastructure.
We use secure Platform as a Service (PaaS) database services for enhanced reliability and security.
The system uses a multi-tenant architecture.
Geographic data residency controls (control over where your data is hosted and stored) are available on Premium and Platinum plans.
Data safety and backups
Data is processed and stored in secure PaaS database services with live failover replicas (e.g. one write node and two read nodes for form databases).
Snapshot backups are taken:
Daily (stored for 7 days)
Weekly (stored for 4 weeks)
Photos and videos are stored in Amazon S3, replicated across at least three devices within a single AWS Region.
Failover and backup processes are tested in accordance with Sitemate’s Disaster Recovery (DR) and Business Continuity (BCP) policies.
Cloud management and monitoring
AWS Config is used to monitor compliance and configuration across Sitemate services, enabling auditing and continuous evaluation of resource configurations.
Encryption
All data is encrypted at rest (AES-256-CBC).
All data is encrypted in transit (TLS 1.2+).
NIST Cybersecurity Framework (CSF)
Sitemate follows the NIST Cybersecurity Framework (CSF), a risk-based approach for managing and reducing cybersecurity risks.
The NIST CSF provides a structured framework to strengthen security controls, improve resilience, and help safeguard customer data against evolving cyber threats.