Security

Last updated: January 2025

Security Overview

At Transformable.app, we take security seriously. Our platform is designed with security-first principles to protect your infrastructure, data, and applications. We implement multiple layers of security controls and continuously monitor our systems to ensure the highest level of protection.

Data Protection

We protect your data through comprehensive encryption, access controls, and secure data handling practices. Your infrastructure data, application configurations, and monitoring information are treated with the utmost care and security.

Encryption Standards

All data transmission and storage use industry-standard encryption protocols. We employ AES-256 encryption for data at rest and TLS 1.3 for data in transit, ensuring your information remains secure throughout its lifecycle.

Data in Transit

All communications between your servers, our platform, and third-party services are encrypted using TLS 1.3. This includes API calls, dashboard interactions, and monitoring data transmission.

Data at Rest

Sensitive data stored in our systems is encrypted using AES-256 encryption. This includes server configurations, application settings, and monitoring data that we collect to provide our services.

Access Controls

We implement strict access controls to ensure only authorized personnel can access your data. All access is logged and monitored, with multi-factor authentication required for administrative functions.

Infrastructure Security

Our infrastructure is built on secure, enterprise-grade platforms with comprehensive security measures. We work with trusted providers and implement additional security layers to protect your self-hosted infrastructure.

Server Security

We help secure your Ubuntu Forge servers through automated security updates, firewall configuration, and intrusion detection. Our platform monitors for security vulnerabilities and provides alerts for potential issues.

Automated Security Updates

We configure and monitor automatic security updates on your servers, ensuring critical patches are applied promptly. Our system tracks update status and alerts you to any issues that require attention.

Firewall Management

We help configure and monitor firewall rules on your servers, ensuring only necessary ports are open and properly secured. Our platform provides visibility into firewall status and configuration changes.

Application Security

Applications deployed through our platform are configured with security best practices. We use trusted container images, implement proper network isolation, and provide SSL certificate management for secure communications.

Monitoring and Alerting

Our comprehensive monitoring system provides real-time visibility into your infrastructure security posture. We monitor for security events, performance anomalies, and potential threats.

Security Monitoring

We continuously monitor your infrastructure for security events, including failed login attempts, unusual network activity, and system vulnerabilities. Our platform provides detailed security dashboards and automated alerts.

Uptime Monitoring

We monitor the availability of your applications and services using Uptime Kuma, providing immediate alerts when services become unavailable or experience issues.

Performance Monitoring

Our monitoring system tracks server performance, resource usage, and application health, helping identify potential security issues before they become problems.

Backup and Recovery

We implement comprehensive backup strategies to protect your data and ensure quick recovery in case of incidents. Our backup systems use encrypted storage and are regularly tested for reliability.

Automated Backups

We configure Kopia for incremental backups of your application data and configurations. Backups are stored securely in AWS S3 or on-premises TrueNAS MinIO storage with encryption.

Backup Verification

Our backup systems include verification processes to ensure data integrity. We regularly test restore procedures to confirm that backups are working correctly and can be restored when needed.

Incident Response

We have established incident response procedures to quickly address security issues and minimize impact. Our team is available 24/7 to respond to security incidents and provide support.

Response Procedures

When security incidents are detected, we follow established procedures to contain, investigate, and resolve issues. We provide regular updates during incident response and conduct post-incident reviews to improve our security posture.

Detection and Analysis

Our monitoring systems automatically detect potential security incidents and alert our team. We analyze incidents to understand their scope and impact, then take appropriate action to contain and resolve them.

Communication

During security incidents, we maintain clear communication with affected users, providing regular updates on the situation and steps being taken to resolve the issue.

Third-Party Security

We work with trusted third-party services and ensure they meet our security standards. All integrations are carefully evaluated for security compliance and regularly reviewed.

Service Integrations

Our platform integrates with services like Forge, Portainer, and Uptime Kuma. We ensure these integrations use secure authentication methods and follow security best practices.

API Security

All API integrations use secure authentication tokens and are configured with appropriate permissions. We regularly rotate credentials and monitor API usage for unusual activity.

Contact Security Team

If you have any security concerns or need to report a security incident, please contact us immediately:

For urgent security matters, please use our support form or Mattermost chat for immediate assistance. We take all security reports seriously and respond promptly to address any concerns.