GDPR
CCPA
PCI DSS
SOC 2 Type II
SOX
Availability and Integrity Monitoring
Continuously tracks system performance and integrity to ensure service continuity.
Network Firewalls & Segmentation
Uses firewalls and network segmentation to control and protect data traffic.
Detection Tools
Implements advanced tools for real-time threat detection and response.
Vulnerability Management
Regularly scans and addresses vulnerabilities to maintain system security.
Security Information and Event Management (SIEM)
Collects, centralizes and analyzes security logs for effective threat management.
Dedicated Incident Response Team
A dedicated team to handle, investigate and solve security incidents.
Yearly Third-Party Independent Audits
External and internal penetration tests are conducted annually by third-party audit firms.
Yearly Mandatory Training
Annual training for all employees and additional role-specific training.
Internal Risk Assessments
Regular assessments to identify and mitigate internal risks.
Separate PII and PCI environments
Dedicated environments for processing and storing PII and PCI data.
Encryption at Rest & in Transit
Protects data both when stored and during transmission.
Backups Enabled
Regular backups to ensure data recovery in case of loss.
Access Monitoring
Continuous monitoring of data access to prevent unauthorized use.
Standard Data Retention
Adheres to standard data retention policies with customizable options.
Data Lifecycle Policies
Policies to govern, amongst others, data handling, storage, retention and access.
Data Privacy Officer
A dedicated officer to oversee privacy practices.
Employee Privacy Training
Training programs to ensure employees understand privacy requirements.
Exercise Data Privacy Rights
Mechanisms to answer data access requests, including but not limited to deletion and correction. See Privacy Policy.
Record of Processing Activities
Detailed records of data processing activities.
Global Privacy Compliance Program
Global Privacy Compliance Program to ensure our compliance with GDPR, CCPA, and all other data privacy compliance regulations we may be subject to.
Bug Bounty Program
Encourages external researchers to find and report vulnerabilities through our HackerOne Program.
SAST and DAST Testing
Utilizes static and dynamic analysis to identify security issues.
Open Source Vulnerability Management
Manages and mitigates vulnerabilities in open source components.
Developer Training
Provides training to developers on secure coding practices.
Disk Encryption
Encrypts data on disks to protect against unauthorized access.
Endpoint Detection & Response (EDR)
Monitors and responds to threats on endpoints.
Mobile Device Management
Manages and secures mobile devices accessing our systems.
Device Posture Assessment
Evaluates device security status before granting access.
Multi-Factor Authentication (MFA) and SSO
Requires MFA and Single Sign-On for sensitive applications.
Passwordless Authentication
Supports passwordless options to enhance security.
Least Privilege
Grants the minimum level of access necessary for each user.
Zero Trust Network Access
Adopts a zero trust model for secure network access.
Logging and Monitoring
Maintains logs and monitors access for security oversight.
Quarterly Access Reviews
Conducts reviews every quarter to ensure access controls remain effective.