Endpoint Security - Production Server

Data exfiltration from production environments is tightly controlled. SSH access to production servers is restricted through IAM-based access control, and only a very limited set of authorized engineers are granted permission. All access is logged and monitored. Additionally, production environments are configured to disallow file extraction or external data transfers, and outbound internet access is disabled by default where not explicitly required. These measures collectively ensure that data movement from production systems is tightly regulated.

Although device configurations are not centrally enforced, we maintain internal standards and encourage all employees to follow security best practices, including:

• Use of strong login passwords and automatic system lock after inactivity

• Limiting administrative privileges to reduce the risk of privilege escalation

• Use of secure office networks with firewall-level protections

Employees are also trained on general security hygiene and safe software development practices. All development and operations workflows occur within secured environments, such as GCP-hosted containers, ensuring minimal reliance on local execution or sensitive local storage.

We maintain a strict policy that no sensitive or private customer data is stored on endpoint devices. All sensitive operations are conducted through secure cloud infrastructure, and customer data remains encrypted and contained within GCP-managed services.

• Access to sensitive data is restricted via SSH key-based authentication, segregated user credentials, and limited access roles

• Employees do not have local access to databases, secrets, or production logs

• Shared credentials and sensitive tokens are stored securely in cloud-managed environments and not distributed to individual machines

This policy is enforced through technical design — we architect systems to never expose sensitive data at the endpoint level. Combined with secure defaults in our cloud infrastructure and clear internal guidelines, this ensures that the risk of endpoint-based data exposure is effectively mitigated.