Security statement

Last updated March 25, 2025


Built with best practices

We at SelectAM are deeply invested in security. It is crucial for us that the intellectual property and the sensitive information we handle are kept safe and secure. We do our best to ensure information security and privacy from its creation to deletion.

Our application development process is based on the Secure Systems Development Lifecycle, where we identify and manage risks at every step of the process. Our employees receive appropriate training for both secure application development and operation.

SelectAM Identify is a hybrid application running in the browser. Your most sensitive assets, such as CAD models and SKUs, are only stored locally, and the original data never leaves your computer in an original, identifiable or easily exploitable format. We only send out partial and encrypted data for calculations. SelectAM has no access to your sensitive data, and partial data is not stored during calculations.

Infographic showing the data layers of SelectAM Identify

Enterprise-grade tools in the cloud

We only use the highest quality, enterprise-grade tools available to ensure the highest achievable level of security. All the services we use are certified in the EU or in the US[1] with well-recognised standards such as ISO 27001, SOC 2, GDPR and others. All the services we use are run on the major cloud environments: AWS, Azure and Google Cloud.

The Content Management System we use has end-to-end encryption in place[2] to ensure secure communication between the servers and clients. All public internet traffic between the cloud services we use is carried securely over HTTPS. Content is securely deleted after a grace period.

Our code is stored in and distributed from a private repository hosted on a widely known and established developer platform, where access is restricted with authentication. It is our policy that all developers have two-factor authentication[3] in place. Our code is constantly being scanned for security threats and patches are applied automatically.

The access tokens we use for cloud services are disposable, updated regularly and encrypted at rest[4].

Our users log in and authenticate to our application through an established authentication and authorization platform using two-factor authentication[5]. Single Sign-On is available upon request. Users are granted access to different aspects of our application granularly, with specific permissions which are based on the level of their subscription. Permission changes are assessed and handled manually.

The cloud hosting we use includes multi-layer protection against application-layer attacks, DDoS threats and bots[6].

Incident management

We actively monitor our application and the infrastructure[7] around it and are alerted to any suspicious activity.

We actively follow all the incident reports provided to us by the services we use. We also publish our own reports which include application updates and incident reports.

Our databases are backed up automatically and can be restored quickly. The CMS we use is multi-region and multi-availability-zone by default. The data is currently hosted in the EU and US.

Standards

We are GDPR compliant. For information on how we handle your personal data, please read our Privacy policy. Personal data breaches are reported together with other application updates.


1. Vercel ISO 27001 https://vercel.com/blog/vercel-iso-27001-security
   Sanity SOC 2 compliance https://www.sanity.io/legal-cms
   GitHub Trust center https://ghec.github.trust.page/
   Auth0 Data privacy and compliance https://auth0.com/docs/secure/data-privacy-and-compliance
   Sentry Security & Compliance https://sentry.io/security/

2. Sanity end-to-end encryption https://www.sanity.io/glossary/end-to-end-encryption

3. GitHub about passkeys https://docs.github.com/en/authentication/authenticating-with-a-passkey/about-passkeys

4. Vercel sensitive environment variables https://vercel.com/docs/environment-variables/sensitive-environment-variables

5. Auth0 multi-factor authentication https://auth0.com/docs/secure/multi-factor-authentication

6. Vercel DDoS Mitigation https://vercel.com/docs/ddos-mitigation

7. Sanity Status https://www.sanity-status.com/
   Vercel Status https://www.vercel-status.com/
   Auth0 Status https://status.auth0.com/