Being a cloud based solution, the software and all client data is stored on CORTO Services, which are built on the Amazon Web Services (AWS) platform.
AWS is a leading cloud services platform, providing database storage, content delivery and a range of other functions. It is one of the largest and most successful cloud platform providers in the world.
AWS makes security its top priority, providing a data centre and network architecture built to meet the requirements of the most security sensitive. AWS is constantly evolving its core security services such as identity and access management, logging and monitoring, encryption and key management, network segmentation and Denial of Service (DDoS) protection.
CORTO stores data originating from the EU, UK, AU, NZ, US and CA in Oregon region, US . CORTO actively works to take advantage of AWS suite of services, following Information Security industry practices.
You can find out more about AWS security in the AWS Security & Compliance Quick Reference Guide.
View our security and compliance quick reference guide
CORTO application is accessed via HTTPS using Transport Layer Security (TLS). Once client data reaches the CORTO cloud infrastructure, all information is then encrypted at rest, using AES-256, encryption.
CORTO is designed as a highly available solution to reduce the risk of downtime. Its services are distributed across multiple AWS data centres within the AWS region and utilise OpenAI services for AI processes. CORTO is not responsible for any delays caused by the availability of AWS or OpenAI services.
CORTO environment is monitored 24 hours a day, 7 days a week, 365 days a year. This ensures that any potential issues are quickly identified and addressed, providing peace of mind regarding the security and reliability of your data.
CORTO adheres to secure development practices, including code scanning, code reviews, testing, and internal security consultations on development projects. Additionally, CORTO implements robust security measures to continuously protect all CORTO APIs and prevent automated abuse by bots and other malicious actors. Our advanced bot protection technology effectively distinguishes between legitimate automated traffic and malicious traffic to counter these evolving threats.
We partner with OpenAI for our generative AI needs. Importantly, OpenAI ensures that client data is not used for training their models. (OpenAI Enterprise Privacy Policy)
If you provide CORTO with any personal or sensitive data about other individuals, whether directly, through our websites, our software, or by any other means, you confirm that you have the authority to do so and grant us permission to use, access, or host that data.
To protect you and your information, CORTO may suspend your access to any CORTO service without notice if a security breach is suspected, pending investigation.
Unauthorised access to password-protected and/or secure areas is which is prohibited and may result in legal action (including criminal prosecution) and account suspension.
If you believe your interaction with us is no longer secure (for example, if you suspect your account's security has been compromised), please notify us immediately by contacting us at security@docorto.ai.
We may use your information as we believe to be necessary or appropriate under applicable law, including laws outside your country of residence;
CORTO uses industry-standard security measures to protect your information. However, the security of data transmitted over the Internet cannot be guaranteed.
CORTO is not liable for any interception or interruption of communications over the Internet or for any alterations or losses of information.
Users are responsible for maintaining the security of their passwords, user IDs, or other forms of authentication used to access password-protected or secure areas of CORTO systems.
All CORTO staff with direct access to our critical infrastructure must undergo a rigorous vetting process, including police background checks. This guarantees that only verified team members are entrusted to manage our core platform.
CORTO will promptly notify the client in writing upon discovering any Data Breach involving the client’s data.
If you identify a vulnerability or notice that data is publicly accessible outside the CORTO Software, please contact CORTO immediately at security@docorto.ai.
Ensuring the security and confidentiality of our users' data is a top priority for us. This thorough, independent evaluation of our internal security controls reaffirms our commitment to maintaining the highest standards for protecting user data.
This statement reflects the security policy of CORTO and is regularly reviewed and updated. It should be regarded as the primary source of truth regarding security within CORTO. Any questions should be directed to security@docorto.ai.