top of page

Two Dots Information Security

Updated: February 28, 2023

Here is an overview of security practices currently implemented at Two Dots


  1. We have a data protection policy that involves:

    1. Need-to-know access control

    2. Sensitive data is encrypted in transit and at rest

    3. SSNs are scrubbed from all log entries

    4. Audit logging is used to keep a log of all mutations to database data and access to cloud resources

  2. Accounts that control access to corporate resources are secure

    1. For accounts with infrastructure level access to customer data, we use physical MFA via security keys that are located in our homes and office, meaning to gain access someone would need to steal the physical security keys​

    2. For accounts that use a password, we randomly generate secure passwords and store them password manager and use additional MFA when available

  3. We maintain a list of all devices with access to corporate resources.

    1. BYOD smartphones are given access to a lower level communications tools

    2. Work computers are actively monitored/controlled by industry leading software

  4. Customer data is set to be regularly backed up in compliance with data retention policy

  5. Regular vulnerability reviews and remediation

  6. Incident response plan, including a plan for data breach reporting

  7. A designated security officer educated on the information security program and playbooks


In order to learn about our security practices, please contact us at:


bottom of page