SECURITY
Overview and Security Statement
Data Security and our customers’ privacy is a key part of the trust our customers need. MAJORITY devotes significant resources to ensuring that we meet all facets of multiple industry and regulatory best practices for protecting our customers’ data. The following is an overview of MAJORITY’s security posture and key controls. If you have any questions please feel free to reach out to us at [email protected] and we’ll get back to you.
Change Management
MAJORITY’s software development practices are aligned with industry best practices and follow a defined software development life cycle methodology. This development process introduces security and privacy control specifications during the feature and component design and throughout the development process.
Strong Encryption
MAJORITY has deployed secure methods and protocols for transmission of confidential or sensitive information over public networks. Databases housing sensitive customer data are encrypted at rest. MAJORITY uses only recommended secure cipher suites and protocols to encrypt all traffic in transit and Customer Data is securely encrypted with strong ciphers and configurations when at rest.
Access Controls
MAJORITY uses secure access protocols and processes and follows industry best practices for authentication, including Multi Factor Authentication and Single Sign on (SSO). All production access requires the use of two-factor authentication, and network infrastructure is securely configured to vendor and industry best practices to block all unnecessary ports, services, and unauthorized network traffic.
Vulnerability Management
MAJORITY performs automated continuous vulnerability scanning of our environment and contracts with reputable external security firms to perform technical testing against our critical systems. We also employ a suite of tools and processes to perform continuous auditing and monitoring of our infrastructure for suspected malicious activities, unpatched systems, misconfigurations, and other potential vulnerabilities.
MAJORITY enforces host-based protections on all of our infrastructure and user endpoints, such as disk encryption, locking screensavers, and use of antimalware controls.
Awareness and Background Checks
MAJORITY conducts background checks on all employees before onboarding and employees receive comprehensive security awareness and privacy training at hire and on an ongoing basis. All employees are required to read and acknowledge our information security policies.
External Audits
MAJORITY is PCI Level 1 certified which include thorough controls of information security.
Privacy
MAJORITY has clearly defined how we collect, use and disclose customer information and the choices customers have about their information in the MAJORITY Privacy Policy. MAJORITY maintains detailed inventory of all information systems and the data that resides in each asset. Data is classified based on the nature of information and treated as such. Additionally, customer data is deleted upon request from the customer or following a service termination.
Incident Response
In the event of a security breach MAJORITY will promptly notify impacted users of any actual or suspected unauthorized access to their systems and data. MAJORITY has developed detailed response policies and associated procedures and a team is in place to respond to events and incidents.
Bug Bounty
MAJORITY is in favor of ethical hacking and is open to approaches from security researchers. MAJORITY will award a bug bounty in line with the severity of a confirmed vulnerability. If you believe you have found a security vulnerability in a MAJORITY domain or app, we encourage you to contact us at [email protected].