Sustain.life API Security

At Sustain.Life, we take security seriously. Customers trust us with their sustainability data, and we protect it using best-in-class tools, training, techniques, and platforms.

Data encryption​

• HTTPS / TLS 1.2 enforced for all endpoints, with automated certificate management​

• All data is encrypted at rest in Azure (Cosmos, SQL server, Azure Storage)​

User security & key management​

• All customer accounts are managed by Azure Active Directory & Azure AADB2C​

• API key management tied to customer AADB2C accounts with Azure API Management​

• Least privileged access model to enforce consistent permissioning​

Usage monitoring​

• Azure API Management used for privileges, throttling, and caching to ensure high availability to the end user​

• 24x7 on-call handled by the Sustain.life engineering team to ensure stability​

Best practices​

• Penetration testing to proactively discover potential security risks​

• Continuous source code analysis for known vulnerabilities and copyright compliance

For additional details, please schedule a call with our security team.