Microshare Data Security and Privacy FAQs Frequently asked questions regarding Microshare data security and privacy Where can I learn more about the data security practices of Microshare? For information the the data security practices of Microshare, please visit our [Data Security and Privacy Trust Center](https://www.microshare.io/microshares-trust-center-data-security/). Is the Microshare application compliant with relevant data protection and privacy regulations, such as GDPR or SOC 2? Microshare is SOC 2, IASME Cyber Essentials, and IASME Cyber Assurance (GDPR) complaint. We undergo annual third-party assessments as part of the recertification process to ensure we meet all data protection and privacy requirements. For more information, please visit the [Microshare Data Security and Privacy Trust Center](https://www.microshare.io/microshares-trust-center-data-security/). Do you perform regular security audits and penetration testing of your software and systems? Yes. Microshare performs both automated and manual vulnerability scans against our software and systems on at least a quarterly basis. In addition, we conduct third-party penetration testing on an annual basis. For more information, please see the [Microshare Security Letter](https://www.microshare.io/wp-content/uploads/2022/08/Microshare-SOC-2-Type-2-Security-Letter.pdf). Do you leverage encryption to protect data, both at rest and in transit? Microshare utilizes encryption in transit and at rest by default. TLS 1.2/1.3 with SHA-256/AES-128 is used as a default encryption standard between servers and all clients with TLS 1.2/1.3 support. For more information, please see our [Security Overview document](https://www.microshare.io/wp-content/uploads/2022/11/Security-1-pager-3.pdf). What security measures do you implement during the software development process? Microshare follows an iterative SDLC and is implementing the MS Security Development Lifecycle (MS SDL) as a security-specific overlay to our processes. OWASP standards are followed for the development and configuration for web accessible applications in APIs. All code and infrastructure changes are tracked in a source control repository. Any changes must be reviewed/approved before they are allowed to be submitted to the main branch. For more information on our secure development process please see the [Microshare Security Letter](https://www.microshare.io/wp-content/uploads/2022/08/Microshare-SOC-2-Type-2-Security-Letter.pdf). I’ve visited the Microshare Data Security and Privacy Trust Center and read the linked security documents. How can I find out additional details about the data security and privacy practices of Microshare? For additional information, feel free to use the live chat feature available on the [Microshare website](https://www.microshare.io/). Current and perspective contacts can email support@microshare.io for additional details. Did this doc help you? For further questions or support, please contact us at support@microshare.io