Terms of Service
Information Security Program
We have a robust Information Security Program in place, communicated across the organization, and aligned with the SOC 2 Framework standards established by the American Institute of Certified Public Accountants (AICPA).
Third-Party Audits
Our security and compliance controls undergo regular independent third-party assessments to ensure effectiveness.
Third-Party Penetration Testing
We conduct annual independent third-party penetration tests to safeguard the security of our services.
Roles and Responsibilities
Roles and responsibilities related to information security and the protection of customer data are clearly defined, documented, and reviewed by all team members.
Security Awareness Training
All team members complete regular security awareness training, covering best practices and key topics like phishing and password management.
Confidentiality
Team members must sign and adhere to a confidentiality agreement before starting their role.
Background Checks
We perform background checks on all new team members in compliance with local regulations.
Cloud Security
Cloud Infrastructure Security
Our services are hosted on Google Cloud Platform (GCP), which implements robust security programs with multiple certifications. For more information, visit GCP Security.
Data Hosting Security
All data is hosted on GCP databases, located in the United States. Refer to GCP documentation for more details.
Encryption at Rest
Databases are encrypted at rest.
Encryption in Transit
Applications use TLS/SSL encryption for data in transit.
Vulnerability Scanning
We perform regular vulnerability scanning and threat monitoring.
Logging and Monitoring
We actively monitor and log activities across our cloud services.
Business Continuity and Disaster Recovery
We utilize GCP’s backup services to minimize the risk of data loss and have monitoring systems in place to quickly detect failures.
Incident Response
Our incident response process includes escalation procedures, rapid mitigation, and communication in case of security events.
Access Security
Permissions and Authentication
Access to sensitive tools and cloud infrastructure is restricted to authorized employees. We employ Single Sign-On (SSO), two-factor authentication (2FA), and strong password policies for added protection.
Least Privilege Access Control
We adhere to the principle of least privilege for identity and access management.
Access Reviews
Periodic reviews of access permissions are conducted for team members with access to sensitive systems.
Password Requirements
All employees must meet minimum password complexity requirements.
Password Managers
Company-issued laptops are equipped with password managers to maintain password security.
Vendor and Risk Management
Annual Risk Assessments
We conduct at least one risk assessment per year to identify potential threats, including fraud.
Vendor Risk Management
We evaluate vendor risk and perform necessary reviews before engaging new vendors.