Overview
| Facilities | SimX utilizes AWS data centers that have been certified as ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 2 compliant. Compliance at AWS.
AWS infrastructure services include backup power, HVAC systems, and fire suppression equipment. Data Center Controls at AWS. |
| Physical Security | AWS on-site security is robust, including security guards, fencing, security feeds, intrusion detection technology, and other security measures. Learn about AWS physical security. |
| Data Hosting Locations | SimX leverages AWS data centers in the United States. |
| Vendor Security | SimX performs security reviews on all vendors with any level of access to our systems or SimX Data. |
| Network Protection | SimX’s network is protected through the use of key AWS security services and third party security services, regular audits, and network intelligence technologies, which monitor and/or block known malicious traffic and network attacks. |
| Network Vulnerability Scanning | SimX is constantly monitoring for quick identification of out-of-compliance or potentially vulnerable systems. |
| Third-Party Penetration Testing | SimX employs third-party security experts to perform a broad penetration test across the SimX Production and Corporate environments (inclusive of SimX products) on an annual basis. |
| Intrusion Detection/Prevention | SimX service ingress and egress points are monitored 24/7 to detect anomalous behavior. These systems are configured to generate alerts when incidents and values exceed predetermined thresholds and use regularly updated threat signatures. |
| Access Control | Access to the SimX Production environment is restricted on an explicit need-to-know basis, utilizes least privilege, and is frequently audited and monitored. MFA is required for access to the SimX Production environment. |
| Security Incident Response | In case of a system alert, events are escalated to our 24/7 teams providing comprehensive incident response coverage. |
| Encryption In Transit | All communications with SimX are encrypted via industry standard HTTPS/TLS (TLS 1.2 or higher) over public networks. This ensures that all traffic between you and SimX is secure during transit. |
| Encryption at Rest | At rest, all SimX Data is encrypted in AWS, via AES-256 key encryption. |
| Dynamic Vulnerability Scanning | SimX employs third-party security tooling to continuously and dynamically scan against common security risks, including, but not limited to the OWASP Top 10 security risks. |
| Software Composition Analysis | We scan the libraries and dependencies used in SimX’s products to identify vulnerabilities and ensure the vulnerabilities are managed. |
| Employee Background Checks | SimX Employees are background checked upon hire and background checks are updated as needed. SimX conducts regular exclusion screening. |
| Confidentiality | All SimX employees and contractors with access to production systems sign confidentiality agreements. |
| AI | SimX’s AI features currently rely on OpenAI. SimX does not allow any SimX customer data to be used for training purposes. |
| SimX Privacy Policy | SimX’s Privacy Policy can be found here. |
| SimX Terms of Service | SimX’s Terms of Service can be found here. |
Last Updated
January 26, 2026