How is IT security managed at Tribal Habits?

Learn more about our approach to IT security and how to access our Security Portal.

Written by Lou Monsour
Updated over a week ago

Tribal Habits’ approach to security is based on meeting the equivalent of ISO 27001 Certification standards. Please note that at this time, we have not applied for certification but have adopted an internal standard in line with ISO 27001 and will seek ISO 27001 formal certification at a future date.

Security Portal

You can review our detailed security processes and policies at our dedicated Security portal located at https://security.tribalhabits.com/.

Core Security Principles

Security at Tribal Habits is underpinned by the following eight core principles.

Secure Hosting

We host all data with Amazon Web Services in Sydney, Australia. AWS is the gold standard for SaaS platforms, offering unparalleled built-in military-grade security options. This includes DDoS protection, customised firewalls, AI-driven intrusion protection, automated vulnerability scanning and more.

Default Encryption

All data stored (at rest) at Tribal Habits is encrypted by default using the industry-standard AES-256 encryption algorithm. This includes our database as well as all files, assets and code. All data transferred to users is encrypted via TLS using a SHA-2 certificate with a full 2048-bit key.

Secure Development

Our code is high quality from conception to deployment. We use automated static code analysis alongside human review to ensure best practices are implemented across code pushes. Responsive development means new features, resiliency improvements and bug fixes arrive weekly and seamlessly.

Continuous Monitoring

We monitor our security posture 24/7 via AWS Security Hub. This includes AWS GuardDuty for real-time intrusion alerts and AWS Inspector for automated vulnerability reporting. We also engage independent third-party annual vulnerability and penetration testing.

Secure People

Our people are a critical part of security. All Tribal Habits staff complete regular (semi-annual) training on information security, social media and phishing. Development teams undertake extra training on the OWASP Top 10 and best practices in secure development principles.

Built-in Redundancy

Tribal Habits utilises AWS Elastic Beanstalk technology to distribute our platform across multiple instances and availability zones within the AWS infrastructure. Load balancers and auto-scaling rules ensure we have multiple failover instances to prevent outages. Our uptime is live and public.

Trusted Partners

While the vast majority of Tribal Habits code is developed internally, we integrate with selected trusted partners to provide world-class features when required. All our partners must have ISO 27001 or SOC 2 Type 2 certifications. Partners are integrated via secure RESTful APIs with restricted access to key features.

Continuous Improvement

Our security practices are constantly under review, including analysis and reports from external third parties. We have detailed Incident Management and Disaster Recovery plans, including simulated incidents and game-day security training for our team. We regularly review and update our code with the latest practices.
