Security at Covie

At Covie, we take security seriously and we have a controls across a number of security domains to ensure that Covie is secure for our customers and users.

Data Security

Covie encrypts data in transit (via HTTPS) and also encrypts our users' data when it is at rest.

Application Security

Covie engages experts for third party pentration tests of our application. These are run on a regular basis. Covie also uses static analysis tooling to secure our product during the development process, and dependency vulnerability alerting via GitHub Dependabot and AWS ECR Image Scanning to ensure external vulnerabilities are alerted and remediated in a timely manner.

Infrastructure Security

Covie uses Amazon Web Services to host our back-end application tier and Vercel to host our front-end sites and applications, including this site. We make full use of security products within these ecosystems including AWS GuardDuty. In addition, we deploy our application using Vercel managed services, containers run on AWS Fargate, and functions run on AWS Lambda, meaning that we do not manage servers or EC2 instances in production or staging environments.