You can read our security overview and know that we are GDPR compliant, but some of you will have specific security questions you'd like answered.
We don't have the capacity to answer and fill out every security assessment, unless you become an Enterprise customer (quote form is available here).
However, we've compiled a list of short answers to help you complete those internal security questionnaires.
✅ YES, absolutely!
It's a big yes to all the following questions:
Is the data encrypted in transit over HTTPS?
Is the data encrypted at rest?
Is the data hosted in the EU?
Are you compliant with the EU GDPR? UK GDPR? Swiss FADP? California CCPA?
Are passwords hashed and salted?
Do you conduct regular vulnerability scans?
Do you have a yearly external penetration test?
Do you have remote backups?
Is the database access firewalled and user-restricted?
Do you do regular software updates?
Do you have a publicly disclosed change log?
Do you monitor and disclose service uptime?
Are hardware devices on laptops encrypted?
Do you host in the cloud using Google Cloud Platform?
Is Google Cloud Platform certified SOC 2 Type 2, ISO 27001 and HIPAA?
Do you provide an up-to-date list of third-party data processors?
❌ NO, absolutely not.
And a no to these questions:
Do you store debit or credit card details? We use Stripe for that.
Do you use customer personal data to train and improve your AI?
Do you sell customer data?