Security and Privacy Overview

Overview

Security is of paramount importance to Primer Technologies. Primer is designed based on the fundamental principles of security and privacy, and incorporates these principles from design to production. The Information Security program at Primer is based on defense-in-depth concepts to secure organizational and client data at the ingestion, storage, access, and sharing layers. Primer does not collect any personal information on behalf of its customers, nor does Primer control or sell such information, or monitor the content of data transfers and storage within the Primer platform. 

If you have any questions or concerns, or encounter any issues, please contact us at security@primer.ai.

Primer security practices

Infrastructure

All Primer products and services are hosted on Amazon Web Services (AWS) cloud infrastructure and leverage powerful native security and compliance capabilities.
Primer Security and DevOps teams log, monitor, and audit all production system calls and utilize SIEM alerting, along with an intrusion detection system, for detecting anomalous activity and indicators of compromise.
Primer products can also be deployed on air-gapped bare metal infrastructure within a client environment or on a private cloud and can integrate with SAML-based authentication. 

Access management

Primer adheres to the principles of least privilege and role-based access controls when provisioning all access. Employees are only authorized to access data that is needed to fulfill their current job responsibilities, and only for as long as access is required.
Primer enforces Single Sign On (SSO) through the Security Assertion Markup Language (SAML) standard for access to internal applications, in addition to Multi-factor Authentication (MFA) for access to Development and Production systems.

Encryption

Primer encrypts data using industry standard protocols as detailed below:
– Data in transit is encrypted using TLS 1.2 or higher.
– Data at rest is encrypted using AES-256.
– Encryption keys are maintained through the cloud provider with hardware security modules that have been validated under FIPS 140-2.

Application security

Primer engages in both internal and external overt and covert security penetration testing for both our applications and infrastructure several times a year, and at minimum once per year.
Results of these tests are prioritized and remediated in a timely manner, and are shared with senior management. Penetration test reports can be made available upon request after signing an NDA.

Data management

Primer encrypts all data at both the disk and network level, with the account data stored in a server-side encrypted bucket in AWS S3 whose encryption is managed by auto-rotating KMS keys.
Client data is segregated internally in the platform and strictly controlled to ensure only data owners and those authorized by the data owner have access.

Runtime security

Primer invokes HTTPS-based REST or SOAP API endpoints and enforces encryption for data in transit using TLS 1.2 or higher. 
Primer monitors the runtime events of all production systems for anomalous activity and indicators of compromise as well as known vulnerabilities and insecure configurations. 

Disaster recovery

Primer utilizes services deployed by its hosting providers to distribute production operations across separate regions. These distributed zones protect Primer’s services from loss of connectivity, power infrastructure, and other common location-specific failures.
Primer performs regular backups and replication for its core databases/datastores and supports restore capability to protect the availability of Primer’s services in the event of outage or incident.
Primer tests backup and restore capabilities at least annually to ensure successful disaster recovery.

Incident response

Primer has established policies and procedures for responding to potential security incidents, and per policy will notify affected customers directly.
All security incidents are managed by Primer’s Incident Response Team. Primer maintains and adheres to a robust Incident Response Policy and Standard that define the types of events that must be managed via the incident response process and classify them based on severity.

Data privacy

Primer follows GDPR and CCPA guidelines to meet its data protection obligations to our customers. This includes collecting, processing, and storing customer data in compliance with these obligations and providing data subjects with the right to request that their information be deleted.
Primer provides controls for deleting customer data when it is no longer needed for a legitimate business purpose, and also provides users the option to opt out of tracking cookies on our website.