Secure Customer Service

We use a combination of enterprise-class security features and comprehensive audits of our applications, systems, and networks to ensure that your data is always protected.

Talk to an Expert Sign up and start MyTEC

Compliance Certifications and Security

Last updated on June 24th, 2021

We use best practices and industry standards to achieve compliance with industry-accepted general security and privacy frameworks, which in turn helps our customers meet their own compliance standards.

ISO 27001:2013

MyTEC manage by Brainspark Technologies Pvt. Ltd, certified by 27001:2013.

Cloud Security

  • Data Center Physical Security
    • Facilities

      MyTEC hosts Service Data primarily in AWS data centers that have been certified as ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 2 compliant. Learn more about Compliance at AWS.

      AWS infrastructure services include backup power, HVAC systems, and fire suppression equipment to help protect servers and ultimately your data. Learn more about Data Center Controls at AWS.

      On-Site Security

      AWS on-site security includes a number of features such as security guards, fencing, security feeds, intrusion detection technology, and other security measures. Learn more about AWS physical security.

      Data Hosting Location

      MyTEC leverages AWS data centers in the United States, Europe, and Asia Pacific.

  • Network Security
    • Dedicated Security Team

      Our globally distributed Security Team is on call 24/7 to respond to security alerts and events.


      Our network is protected through the use of key AWS security services, integration with our Cloudflare edge protection networks, regular audits, and network intelligence technologies, which monitor and/or block known malicious traffic and network attacks.


      Our network security architecture consists of multiple security zones. More sensitive systems, like database servers, are protected in our most trusted zones. Other systems are housed in zones commensurate with their sensitivity, depending on function, information classification, and risk. Depending on the zone, additional security monitoring and access controls will apply. DMZs are utilized between the Internet, and internally between the different zones of trust.

      Network Vulnerability Scanning

      Network security scanning gives us deep insight for quick identification of out-of-compliance or potentially vulnerable systems.

      Third-Party Penetration Tests

      In addition to our extensive internal scanning and testing program, each year, MyTEC employs third-party security experts to perform a broad penetration test across the MyTEC Production and Corporate Networks.

      Intrusion Detection and Prevention

      Service ingress and egress points are instrumented and monitored to detect anomalous behavior. These systems are configured to generate alerts when incidents and values exceed predetermined thresholds and use regularly updated signatures based on new threats. This includes 24/7 system monitoring.

      Threat Intelligence Program

      MyTEC participates in several threat intelligence sharing programs. We monitor threats posted to these threat intelligence networks and take action based on risk.

      DDoS Mitigation

      MyTEC has architected a multi-layer approach to DDoS mitigation. A core technology partnership with Cloudflare provides network edge defenses, while the use of AWS scaling and protection tools provide deeper protection along with our use of AWS DDoS specific services.

      Logical Access

      Access to the MyTEC Production Network is restricted by an explicit need-to-know basis, utilizes least privilege, is frequently audited and monitored, and is controlled by our Operations Team. Employees accessing the MyTEC Production Network are required to use multiple factors of authentication.

      Security Incident Response

      In case of a system alert, events are escalated to our 24/7 teams providing Operations, Network Engineering, and Security coverage. Employees are trained on security incident response processes, including communication channels and escalation paths.

  • Encryption
    • Encryption in Transit

      All communications with MyTEC UI and APIs are encrypted via industry standard HTTPS/TLS (TLS 1.2 or higher) over public networks. This ensures that all traffic between you and MyTEC is secure during transit. Additionally for email, our product leverages opportunistic TLS by default. Transport Layer Security (TLS) encrypts and delivers email securely, mitigating eavesdropping between mail servers where peer services support this protocol. Exceptions for encryption may include any use of in-product SMS functionality, any other third-party app, integration, or service subscribers may choose to leverage at their own discretion.

      Encryption at Rest

      Service Data is encrypted at rest in AWS using AES-256 key encryption.

  • Availability & Continuity
    • Uptime

      MyTEC maintains and inform system status to registered clients time to time, which includes system availability details, scheduled maintenance, service incident history, and relevant security events.


      MyTEC employs service clustering and network redundancies to eliminate single points of failure. Our strict backup regime and/or our Enhanced Disaster Recovery service offering allows us to deliver a high level of service availability, as Service Data is replicated across availability zones.

      Disaster Recovery

      Our Disaster Recovery (DR) program ensures that our services remain available and are easily recoverable in the case of a disaster. This is accomplished through building a robust technical environment, creating Disaster Recovery plans, and testing activities.

      Enhanced Disaster Recovery

      Our Enhanced Disaster Recovery package adds contractual objectives for Recovery Time Objective (RTO) and Recovery Point Objective (RPO). These are supported through our capability to prioritize operations of Enhanced Disaster Recovery customers during any declared disaster event.

Application Security

  • Secure development (SDLC)
    • Secure Code Training

      At least annually, engineers participate in secure code training covering OWASP Top 10 security risks, common attack vectors, and MyTEC security controls.

      Framework Security Controls

      MyTEC leverages modern and secure open-source frameworks with security controls to limit exposure to OWASP Top 10 security risks. These inherent controls reduce our exposure to SQL Injection (SQLi), Cross Site Scripting (XSS), and Cross Site Request Forgery (CSRF), among others.

      Quality Assurance

      Our Quality Assurance (QA) department reviews and tests our code base. Dedicated application security engineers on staff identify, test, and triage security vulnerabilities in code.

      Separate Environments

      Testing and staging environments are logically separated from the Production environment. No Service Data is used in our development or test environments.

  • Vulnerability Management
    • Dynamic Vulnerability Scanning

      We employ third-party security tooling to continuously and dynamically scan our core applications against the OWASP Top 10 security risks. We maintain a dedicated in-house product security team to test and work with engineering teams to remediate any discovered issues.

      Static Code Analysis

      The source code repositories for both our platform and mobile applications are scanned for security issues via our integrated static analysis tooling.

      Third-Party Penetration Testing

      In addition to our extensive internal scanning and testing program, MyTEC employs third-party security experts to perform detailed penetration tests on different applications within our family of products.

      Bug Detection Program

      Our Bug Detection Program gives security researchers, as well as customers, an avenue for safely testing and notifying MyTEC of security vulnerabilities through our expert tracking team.

Product Security

  • Authentication Security
    • Authentication Options

      Customers can enable native MyTEC authentication, social media Single sign-on (SSO) (Facebook, Twitter, Google), and/or Enterprise SSO (SAML, JWT) for end-user and/or agent authentication.

      Configurable Password Policy

      MyTEC native authentication for products available through the Admin Center provides the following levels of password security: low, medium, and high, as well as set custom password rules for agents and admins. MyTEC also allows for different password security levels to apply to end users vs. agents and admins. Only admins can change the password security level.

      2-Factor Authentication (2FA)

      MyTEC native authentication for products available through the Admin Center offers 2-factor (2FA) for agents and admins via SMS or an authenticator app.

      Service Credential Storage

      MyTEC follows secure credential storage best practices by never storing passwords in human readable format, and only as the result of a secure, salted, one-way hash.

  • Additional Product Security Features
    • Role-Based Access Controls

      Access to data within MyTEC applications is governed by role-based access control (RBAC) and can be configured to define granular access privileges. MyTEC has various permission levels for users (owner, admin, partner, end-user, guardian, student etc.).

      IP Restrictions

      MyTEC Products can be configured to only allow access from specific IP address ranges you define. These restrictions can be applied to all users or only to your sub users.

      Private Attachments

      You can configure your instance so users are required to sign in to view ticket attachments.

      Email Signing (DKIM/DMARC)

      MyTEC offers DKIM (Domain Keys Identified Mail) and DMARC (Domain-based Message Authentication, Reporting & Conformance) for signing outbound emails from MyTEC when you have to set up an external email domain on your MyTEC. Using an email service that supports these features allows you to stop email spoofing.

      Device Tracking

      MyTEC tracks the devices used to sign in to each user account. When someone signs into an account from a new device, it is added to the device list in that user's profile. That user can get an email notification when a new device is added, and should follow-up if the activity seems suspicious. Suspicious sessions can be terminated from the agent UI.

      Redacting Sensitive Data

      Manual redaction provides the ability to redact, or remove sensitive data in Support ticket comments, and securely delete attachments so that you can protect confidential information. The data is redacted from tickets via the UI or API to prevent sensitive information from being stored in MyTEC.

      Automatic redaction provides the ability to automatically redact strings of numbers that match a valid credit card primary account number (CC PAN), which match a Luhn check in both Support and Chat.

      Spam Filter for Help Center

      MyTEC’s spam filtering service can be used to prevent end-user spam posts from being published in your Help Center.

Human Resources Security

  • Security Awareness
    • Policies

      MyTEC has developed a comprehensive set of security policies covering a range of topics. These policies are shared with and made available to all employees and contractors with access to MyTEC information assets.


      All employees attend a Security Awareness Training, which is given upon hire and annually thereafter. All engineers receive annual Secure Code Training. The Security team provides additional security awareness updates via email, blog posts, and in presentations during internal events.

  • Employee Vetting
    • Background Checks

      MyTEC performs background checks on all new employees in accordance with local laws. These checks are also required to be completed for contractors. The background check includes criminal, education, and employment verification. Cleaning crews are included.

      Confidentiality Agreements

      All new hires are required to sign Non-Disclosure and Confidentiality agreements.