Our security program is aligned with ISO 27001
We have reviewed our security policies to make sure we are compliant with GDPR requirements. Our subprocessors are certified under the E.U.-U.S. Privacy Shield.
Security within the organization
Dedicated teams for application and operational security with the full support of upper management.
Regular vulnerability scans are performed, and third-party penetration testing is done twice per year.
Data is always encrypted at rest using AES-256 and in transit using TLS 1.2. Database backups are performed at a high frequency, encrypted at rest, and available in the event of a disaster.
Only a select few senior production support staff have access to customer data. MFA and VPN are required for access. Production data never leaves the production environment without being fully anonymized, including feedback content, group names, company names, etc.
Our Security Incident Response Team is well prepared to handle any incident. In the event of a breach, our clients are notified within 48 hours of its discovery.
Single Sign-On options including SAML 2.0 are available. Passwords are hashed using PBKDF2 and are salted with unique salts. Logging and auditing are meticulous and monitored.
All employees undergo a background check and receive required security training and awareness. Azure Security Center is used to monitor non-conformities.