Skip to content
Contact Us

Data Security Policy

EFFECTIVE 3/1/2026

1. INTRODUCTION

At Parts Portal, Inc. the security of your proprietary manufacturing data and intellectual property is our highest priority. This Data Security Policy outlines the technical and organizational measures we employ to protect the information processed within our platform. This policy applies to all data provided by our Subscribers (Manufacturers) and their Customers.

2. CLOUD INFRASTRUCTURE & RESILIENCE

Parts Portal is built on Amazon Web Services (AWS), leveraging world-class infrastructure to ensure data availability and durability.

  • Hosting Location: All production data and backups are stored within the AWS US East (Ohio) region.

  • Logical Isolation: We employ a multi-tenant architecture where data is logically isolated. This ensures that one user’s data (e.g., blueprints or rate sheets) can never be accessed by another unauthorized user.

  • High Availability: Our architecture is designed to minimize downtime, utilizing AWS native tools to monitor system health 24/7.

3. DATA ENCRYPTION

We protect data at every stage of its lifecycle:

  • In Transit: All data transmitted between your browser and our servers is encrypted using Transport Layer Security (TLS 1.2 or higher).

  • At Rest: All persistent data, including database entries and uploaded part files, is encrypted at rest using AES-256 bit encryption via AWS Key Management Service (KMS).

4. BACKUP AND DISASTER RECOVERY

We utilize AWS Relational Database Service (RDS) to ensure your data is never lost due to hardware failure or accidental deletion.

  • Frequency: Automated backups are performed daily.

  • Point-in-Time Recovery: We maintain continuous transaction logs, enabling us to restore the database to any point within our 7-day retention window.

  • Storage: Snapshots are stored incrementally in isolated, AWS-managed storage, separate from the primary database instance.

  • Validation: We periodically conduct restore tests to ensure backup integrity and recovery speed.

5. ACCESS CONTROL & IDENTITY

We follow the principle of "Least Privilege" for all system access.

  • Multi-Factor Authentication (MFA): MFA is strictly enforced for all Parts Portal administrative access to the AWS console and backend infrastructure.

  • Remote Access: No direct Remote Desktop Protocol (RDP) access to production systems is exposed publicly.

  • User Authentication: We utilize secure industry-standard protocols for user passwords and session management.

6. VULNERABILITY MANAGEMENT

  • Continuous Monitoring: AWS GuardDuty and other native security tools are used to monitor for unauthorized activity or malicious behavior.

  • Patching: We maintain a rigorous patching schedule for all software dependencies and server environments to protect against known vulnerabilities.

7. CONFIDENTIALITY OF QUOTING DATA

We recognize that manufacturing "inputs" (rates, markups, setup costs) are trade secrets.

  • Data Siloing: Your "Standard Formula" inputs are only visible to authorized users within your specific organization and are never used to influence the quotes of other platform users.

  • Staff Access: Parts Portal employees only access customer accounts for support or maintenance purposes, and all such access is logged.

8. USER RESPONSIBILITIES

Security is a shared responsibility. To maintain the integrity of the platform, users must:

  • Use strong, unique passwords and maintain the confidentiality of login credentials.

  • Log out when away from the device.

  • Notify Parts Portal immediately at admin@custompartsportal.com if they suspect a security breach or unauthorized access.

  • Adhere to the Acceptable Use Policy, specifically regarding the prohibition of ITAR-regulated data.