Vigilance
We constantly challenge our own security & safeguards with sophisticated penetration tests and a responsible disclosure rewards program.
SSDLC Framework
Our software lifecycle is security-focused. We consider security at every stage of the product development process.
Data Minimization
Our policy is to collect the bare minimum amount of data necessary to fulfill requests or prepare reports for an upcoming audit.
Complexities of Privacy Tech and Regulation in a Data-Saturated Reality
Required Access
It is an inherent requirement to grant access across your tech stack in order to discover and map personal data across it, as well as execute data subject access and erasure requests. We hold ourselves to the most stringent security standards with any type of access or connection.
Sensitive Data
Consumers have the right to download personal information you have about them under data privacy regulations. To protect this data, we ensure it is not intercepted in transit and that it is only sent to the right person.
Compliance, Security & Regulatory Standards
Security Tools We Use
Frequently asked questions
- Our Site Reliability Engineers (SRE) are tasked with the operational aspects of our business and ensure information security.
- All machines that run our infrastructure are kept up to date and patched automatically. Software installations are strictly limited and controlled. Access to these machines is restricted only to relevant members of the teams.
- Our organization’s Development, Test, and Operational systems are separated.
- We enforce best practices such as: encryption of storage media, using two-factor authentication (2FA), requiring strong passwords, and more such as configuring systems to lock after a short period of time. Additionally, all communication is done through securely encrypted channels using modern, strong encryption.
- All staff machines must comply with our Confidentiality Policy which includes a requirement to “take all reasonable measures to protect security and prevent unauthorized access or disclosure of all confidential information”.
- We provide periodic security training and tests for all employees.
- Our office has 24-hour security, cameras, and requires a biometric lock to access.
- We have a thorough employee termination/access removal process