Terms of Service

Information Security Program
We have a robust Information Security Program in place, communicated across the organization, and aligned with the SOC 2 Framework standards established by the American Institute of Certified Public Accountants (AICPA).

Third-Party Audits
Our security and compliance controls undergo regular independent third-party assessments to ensure effectiveness.

Third-Party Penetration Testing
We conduct annual independent third-party penetration tests to safeguard the security of our services.

Roles and Responsibilities
Roles and responsibilities related to information security and the protection of customer data are clearly defined, documented, and reviewed by all team members.

Security Awareness Training
All team members complete regular security awareness training, covering best practices and key topics like phishing and password management.

Confidentiality
Team members must sign and adhere to a confidentiality agreement before starting their role.

Background Checks
We perform background checks on all new team members in compliance with local regulations.

Cloud Security

  • Cloud Infrastructure Security
    Our services are hosted on Google Cloud Platform (GCP), which implements robust security programs with multiple certifications. For more information, visit GCP Security.

  • Data Hosting Security
    All data is hosted on GCP databases, located in the United States. Refer to GCP documentation for more details.

  • Encryption at Rest
    Databases are encrypted at rest.

  • Encryption in Transit
    Applications use TLS/SSL encryption for data in transit.

  • Vulnerability Scanning
    We perform regular vulnerability scanning and threat monitoring.

  • Logging and Monitoring
    We actively monitor and log activities across our cloud services.

Business Continuity and Disaster Recovery
We utilize GCP’s backup services to minimize the risk of data loss and have monitoring systems in place to quickly detect failures.

Incident Response
Our incident response process includes escalation procedures, rapid mitigation, and communication in case of security events.

Access Security

  • Permissions and Authentication
    Access to sensitive tools and cloud infrastructure is restricted to authorized employees. We employ Single Sign-On (SSO), two-factor authentication (2FA), and strong password policies for added protection.

  • Least Privilege Access Control
    We adhere to the principle of least privilege for identity and access management.

  • Access Reviews
    Periodic reviews of access permissions are conducted for team members with access to sensitive systems.

  • Password Requirements
    All employees must meet minimum password complexity requirements.

  • Password Managers
    Company-issued laptops are equipped with password managers to maintain password security.

Vendor and Risk Management

  • Annual Risk Assessments
    We conduct at least one risk assessment per year to identify potential threats, including fraud.

  • Vendor Risk Management
    We evaluate vendor risk and perform necessary reviews before engaging new vendors.

166 Geary St. Suite 1500

San Francisco, CA 94108

P: 415-715-9492


©Sapien Ai, Inc. 2017-2024 🇺🇸
