Security & Trust

ALLCODE

Last Updated: June 1, 2026

AllCode is committed to protecting customer data through a formal information security program designed to safeguard the confidentiality, integrity, and availability of systems, networks, applications, and data managed by AllCode.

Our security program includes administrative, technical, and organizational controls aligned with industry-recognized practices, including the NIST Cybersecurity Framework, secure software development practices, risk management, vulnerability management, access control, monitoring, incident response, and employee security training.

SECURITY PROGRAM
AllCode maintains documented information security policies, procedures, and guidelines for securing systems, networks, applications, and data. Our program is designed to identify risks, implement appropriate safeguards, monitor for malicious activity, and respond to security incidents.

Security responsibilities are shared across executive leadership, security and DevOps teams, engineering teams, employees, contractors, and authorized third parties with access to AllCode information assets.

GOVERNANCE AND RISK MANAGEMENT
AllCode maintains a risk management process to identify, assess, and mitigate risks affecting company operations, systems, assets, and client environments. Security policies are reviewed at least annually and updated as needed based on operational, regulatory, and technology changes.

AllCode uses security frameworks and documented controls to promote a consistent security posture across systems, data, and networks.

ACCESS CONTROL
AllCode follows the principle of least privilege and limits access to systems and data based on business need. Access is granted through documented approval processes and reviewed periodically. User accounts are assigned individually and account sharing is prohibited.

AllCode uses multi-factor authentication where appropriate, including for remote access and administrative access. Access for employees and contractors is modified or revoked when roles change or when access is no longer required.

PASSWORD AND AUTHENTICATION REQUIREMENTS
AllCode maintains password and authentication requirements for users, privileged accounts, and service accounts. Passwords must meet minimum complexity and length requirements, and privileged access is subject to additional safeguards.

SECURE SOFTWARE DEVELOPMENT
AllCode follows secure software development practices, including code review, change management, testing, and security review before production deployment. Engineering teams are expected to follow secure programming practices and consider common vulnerability categories, including OWASP Top 10 and related secure coding standards.

CLOUD AND INFRASTRUCTURE SECURITY
AllCode designs and manages cloud environments using security best practices across AWS, Google Cloud, and Microsoft Azure. Infrastructure security controls may include network segmentation, firewalls, cloud security groups, intrusion detection or prevention tools, logging, monitoring, encryption, backup controls, and vulnerability management.

NETWORK SECURITY
AllCode uses network security technologies such as firewalls, intrusion detection or prevention, access controls, anti-spoofing controls, and logging to help protect systems and environments. Firewall and network rules are reviewed periodically and managed through change control processes.

LOGGING AND MONITORING
AllCode maintains audit logging across infrastructure and applications to help detect, investigate, and respond to unauthorized activity. Logs may capture user authentication, administrative activity, system events, configuration changes, and security-relevant activity.

AllCode uses monitoring and alerting tools, including cloud-native services such as AWS CloudWatch, AWS CloudTrail, and related security monitoring services, to identify anomalous or security-relevant events.

VULNERABILITY MANAGEMENT
AllCode maintains a vulnerability management program for identifying, evaluating, remediating, and verifying system updates and security vulnerabilities. Internal and external vulnerability scans are conducted at least quarterly or after significant changes.

Critical and high-risk vulnerabilities are prioritized for remediation and re-scanned to verify resolution. AllCode also performs penetration testing at least annually or after significant changes to applicable environments.

PATCH MANAGEMENT
AllCode evaluates and applies security patches based on risk. Systems, devices, firmware, operating systems, applications, and other software are patched in accordance with AllCode’s patch and vulnerability standards. For AWS environments, AllCode may use AWS Systems Manager Patch Manager to automate patching for managed nodes.

ENDPOINT PROTECTION
AllCode requires approved endpoint protection for company-owned or managed information resources. Endpoint protection must not be disabled, bypassed, or altered. Files received over networks or external storage devices are subject to malware scanning before use.

DATA PROTECTION AND ENCRYPTION
AllCode uses encryption and access controls to protect customer and company data where appropriate. Data may be encrypted in transit using TLS and encrypted at rest using cloud provider encryption services and managed key systems.

AllCode applies safeguards to protect encryption keys, restrict access to sensitive data, and prevent unauthorized access, modification, or disclosure.

BACKUP AND RECOVERY
AllCode performs backups for applicable production systems, infrastructure, and data stores needed to support customer service commitments. Backups are protected using appropriate security controls and may be tested periodically to verify recoverability.

INCIDENT RESPONSE
AllCode maintains a security incident response process to identify, investigate, contain, remediate, and communicate security incidents. AllCode monitors for security incidents and provides incident response for AllCode-hosted systems and environments.

Where required by contract or law, AllCode notifies affected customers of unauthorized access, compromise, or security incidents involving customer information.

EMPLOYEE SECURITY
AllCode requires employees and contractors to complete security awareness training within thirty (30) days of hire and at least annually thereafter. Training covers security threats, responsible handling of company and customer data, incident reporting, and employee responsibilities.

Employees are required to acknowledge confidentiality obligations, and AllCode performs background or reference checks as part of its onboarding process where appropriate.

REMOTE ACCESS
AllCode controls remote access through approved methods such as VPN, multi-factor authentication, and hardened access paths. Remote access privileges are limited to authorized users and must be used only for business purposes.

AI SECURITY
AllCode provides AI consulting, automation, and application development services using enterprise cloud and AI platforms. Customer data submitted as part of paid professional services is handled according to applicable agreements, security controls, and customer instructions.

AllCode does not intentionally use customer confidential information submitted through paid professional services to train public AI models unless expressly authorized by the customer or permitted under an applicable written agreement.

AI systems and outputs should be reviewed, tested, and validated before being used in production, customer-facing, regulated, or high-impact environments.

THIRD-PARTY PROVIDERS
AllCode may use trusted third-party service providers to support cloud hosting, AI services, monitoring, communications, payment processing, collaboration, and business operations. Additional information is available on our Subprocessors page.

SECURITY DOCUMENTATION
AllCode can provide additional security documentation, questionnaires, and supporting materials upon request, subject to confidentiality requirements and customer eligibility.

CONTACT
For security questions, vulnerability reports, or security documentation requests, please contact:

Email: [email protected]

MobileAWS LLC, dba AllCode
101 Montgomery Street
Suite 905
San Francisco, CA 94104