Security & Trust

Reason Automation is committed to protecting the security, confidentiality, and availability of your data. This section describes the security practices and controls we have in place to safeguard your information.

How We Protect Your Data

Single-Tenant Architecture

Every Reason Automation customer receives their own dedicated database instance. Your data is never commingled with other customers' data. This single-tenant architecture provides strong data isolation and ensures that your Amazon business data remains private and accessible only to your authorized users.

Encryption

At rest: All customer data stored in our PostgreSQL databases (hosted on Microsoft Azure) and Snowflake environments is encrypted at rest using industry-standard AES-256 encryption.

In transit: All data transmitted between your browser or application and Reason Automation services is encrypted using TLS 1.2 or higher. This includes connections to our customer portal, API endpoints, and database connections.

Infrastructure Security

Reason Automation's infrastructure is hosted on Microsoft Azure and Amazon Web Services (AWS), both of which maintain their own SOC 2 Type II certifications and comply with industry-leading security standards. Key infrastructure controls include:

Firewalls and network segmentation to isolate production systems
Host hardening based on CIS Benchmarks and NIST SP 800-123
Automated vulnerability scanning and patch management
Centralized logging with a minimum 2-year retention period
Continuous monitoring with automated alerting for anomalous activity

Environment Separation

Reason Automation maintains separate development, staging, and production environments. Production systems are logically and physically isolated from development and testing environments. Changes are promoted through a controlled pipeline (development → staging → production) with appropriate testing and approval at each stage.

Access & Authentication

Customer Portal Authentication

The Reason Automation customer portal at app.reasonautomation.com supports authentication via Google SSO or username and password, powered by Auth0. Auth0 is an industry-leading identity platform that handles credential storage, password hashing, and session management securely on our behalf. Reason Automation does not store your password directly — all authentication is managed by Auth0's infrastructure, which maintains its own SOC 2 Type II certification.

User Permissions & Access Control

The customer portal provides granular access controls that allow you to manage who on your team can access your data:

Admin access: Full control over account settings, user management, and billing
Data access: Control which Amazon connections and data sources each user can view
Dashboard access: Assign or restrict access to specific dashboards per user

For details on managing user permissions, see our Customer Portal User Manual.

Database Access

Customers who connect directly to their Reason Automation database (via pgAdmin, Excel, Power BI, Tableau, or Looker Studio) are provided with unique, per-customer database credentials. These credentials are managed through your customer portal and provide access only to your data.

Internal Access Controls

Reason Automation employees follow the principle of least privilege. Access to customer data and production systems is restricted to personnel with a documented operational need, requires multi-factor authentication (MFA), and is audited regularly.

Compliance

SOC 2

Reason Automation is pursuing SOC 2 Type II compliance to formally validate our security, availability, and confidentiality controls. SOC 2 is an industry-recognized auditing standard developed by the American Institute of Certified Public Accountants (AICPA) that evaluates how organizations manage data to protect the interests of their customers.

If you would like to request a copy of our SOC 2 report (when available) or have questions about our compliance program, please contact support@reasonautomation.com.

Data Handling & Retention

All customer data collected by Reason Automation is stored exclusively in the United States. We retain your data for as long as your account is active and as needed to provide you with our services. For full details on how we collect, use, and protect your personal information, please see our Privacy Policy.

Vendor & Third-Party Management

Reason Automation evaluates the security posture of third-party vendors and cloud service providers before integrating them into our platform. Our primary infrastructure providers (Microsoft Azure, Amazon Web Services, Snowflake) each maintain their own SOC 2 Type II certifications.

Incident Response

Reason Automation maintains a formal Security Incident Management Policy that defines how we identify, respond to, and recover from security incidents. If a security incident affects your data, we will notify you promptly and provide details on the nature of the incident, the data involved, and the steps we are taking to remediate it.

Responsible Disclosure

If you believe you have discovered a security vulnerability in any Reason Automation service, we encourage you to report it to us. Please send details to support@reasonautomation.com. We ask that you:

Provide sufficient detail for us to reproduce and verify the issue
Allow reasonable time for us to address the vulnerability before any public disclosure
Do not access, modify, or delete data belonging to other customers

We appreciate the security research community's efforts to help us keep our customers safe.

Questions?

If you have any questions about Reason Automation's security practices, compliance program, or data handling, please contact us at support@reasonautomation.com.