SecurityLast updated: April 2026

Security at WPPersona

Government agencies trust us with their public-facing digital presence. We take that responsibility seriously with enterprise-grade security built into every layer of our platform.

Security Practices

๐Ÿ”

Encryption in Transit

All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. We enforce HTTPS across all endpoints with HSTS headers.

๐Ÿ—„๏ธ

Encryption at Rest

All customer data is encrypted at rest using AES-256. Database backups are also encrypted and stored in geographically separated locations.

๐Ÿ”‘

Access Controls

Role-based access controls (RBAC) limit data access to authorized personnel only. Administrative access requires multi-factor authentication (MFA).

๐Ÿ•ต๏ธ

Audit Logging

All administrative actions and content changes are logged with timestamps and user attribution. Logs are immutable and retained for 12 months.

๐Ÿ”„

Backups

Automated daily backups with point-in-time recovery. Backups are tested monthly. Retention period is 30 days.

๐Ÿ›ก๏ธ

DDoS Protection

Our infrastructure includes distributed denial-of-service (DDoS) mitigation at the network and application layers through Cloudflare and Azure.

Infrastructure

Cloud ProviderMicrosoft Azure โ€” US regions only
CDNCloudflare โ€” global edge network with WAF
Uptime SLA99.9% monthly uptime guarantee
Data ResidencyAll data stored in the United States
Penetration TestingAnnual third-party penetration testing
Vulnerability ScanningAutomated daily scans of all infrastructure

Certifications & Compliance

SOC 2 Type II

Security, availability, and confidentiality trust service criteria.

In progress

FedRAMP Ready

Federal Risk and Authorization Management Program for federal agency use.

Roadmap

WCAG 2.1 AA

Web Content Accessibility Guidelines โ€” accessibility compliance.

Certified

NIST CSF

NIST Cybersecurity Framework alignment for government customers.

Aligned

Incident Response

1

Detection

Automated monitoring alerts our security team to anomalies within minutes.

2

Containment

Affected systems are isolated immediately to prevent further exposure.

3

Notification

Affected customers are notified within 72 hours of a confirmed breach.

4

Remediation

Root cause analysis and remediation steps are completed and documented.

5

Post-Incident Review

A written post-incident report is provided to affected customers upon request.

Responsible Disclosure

If you discover a security vulnerability in WPPersona, we ask that you report it to us responsibly. Please do not publicly disclose vulnerabilities before we have had the opportunity to address them.

Report tosecurity@keyspider.io
IncludeDescription, steps to reproduce, potential impact
Response timeWe acknowledge all reports within 24 hours
Resolution targetCritical issues resolved within 7 days
Privacy Policy โ†’Terms of Service โ†’