Security at Magic Evidence
MAGICapp is built with security and reliability at its core. We follow industry cybersecurity standards and AWS best practices to safeguard your data. We put a strong focus on secure architecture, continuous monitoring, and responsible development practices.
Application Security
- Secure development practices (OWASP standards)
We follow trusted guidelines from the Open Web Application Security Project (OWASP) to make sure our app is built to resist common threats from the ground up.
- Automated and manual security testing
We constantly test our code using both smart tools and human reviewers to catch problems early and keep your data safe.
- Code & dependency scanning
We regularly scan our software and the third-party tools we use to make sure there are no hidden risks or outdated components.
- API security reviews
Every major change to how our systems talk to each other (APIs) is reviewed carefully to prevent unauthorized access or data leaks.
- Internal penetration testing
We simulate real-world attacks on our platform to find and fix weaknesses before bad actors can exploit them.
- Serverless front-end (smaller attack surface)
By using serverless technology for our user interface, we eliminate many traditional entry points for attackers — making our app harder to breach.
Supply Chain Security
- 2FA for all critical access
We use two-factor authentication to protect access to our cloud systems and codebase, adding an extra layer of security beyond just passwords.
- Strong IAM practices for code deployment
Only the right people can make changes to our software — and only when they're supposed to.
- All 3rd-party libraries are reviewed for integrity
We carefully check all outside tools we use in our code to make sure they’re safe and trustworthy.
Cloud Infrastructure & Monitoring
- AWS-native tools: GuardDuty, Security Hub, CloudWatch, CloudTrail
We use Amazon's built-in security tools to watch over our systems and catch anything unusual, 24/7.
- Real-time vulnerability and intrusion detection
We’re alerted immediately if anything suspicious happens, so we can act fast to protect your data.
- Malware scanning on all uploads
Any file uploaded to our system is automatically scanned for viruses or harmful software.
- External infrastructure scanning
We regularly check our systems from the outside — just like a hacker would — to find and fix any weak spots.
Incident Response
- NIST-based incident response framework
Our plan for handling security issues follows well-known standards — clear, tested, and effective.
- High-risk vulnerabilities addressed in 24 hours
If a serious issue is found, we move fast. Fixes happen within a day or as soon as a patch is available.
- Transparent communication and support
If something happens that affects your data, we’ll keep you informed and work with you every step of the way.
Encryption & Access Control
- We encrypt passwords
Your passwords are never stored as-is — we use strong encryption to keep them hidden and protected.
- We encrypt data in transit
All data that moves between your device and our app is fully encrypted in transit.
- All data is encrypted at rest
Your information stays encrypted even when stored on our servers — not just in transit.
- Vaulted secrets
Sensitive system credentials (like API keys) are securely stored and tightly controlled.
Compliance Readiness
- Controls aligned with SOC 2 best practices
We’ve designed our security program to follow many of the same standards used in SOC 2 audits — a widely respected security framework.
- Continuous risk and vulnerability tracking
We constantly monitor our systems for new risks and stay on top of the latest security threats.
- Customer-ready documentation and security reviews
We’re prepared to share details about our security controls and help you complete any due diligence or vendor reviews.