Keeping our customers' data protected at all times is our highest priority. This document provides a high-level overview of the security practices we have put in place to achieve that objective.
All of our services run in the cloud. We don’t host or run our own routers, load balancers, DNS servers, or physical servers; instead, our service is built on Google Cloud Platform, which provides strong security measures to protect our infrastructure and is compliant with most certifications. You can read more about GCP security practices here: Google Cloud Platform.
Our network security architecture consists of multiple security zones. We monitor and protect our network to make sure no unauthorized access is performed using:
Encryption in transit: All data sent to or from our infrastructure is encrypted in transit using Transport Layer Security (TLS), following industry best practices. We maintain an A+ rating from SSL Labs.
Encryption at rest: All our user data (including passwords) is encrypted using battle-hardened encryption algorithms.
We back up all of our critical assets and regularly attempt to restore the backup to guarantee a fast recovery in case of disaster. All our backups are encrypted.
Dataform is committed to working with security experts across the world to stay up to date with the latest security techniques. As we are part of Google, please check out our common rules of engagement, eligibility and security contact for reporting vulnerabilities at https://www.google.com/about/appsecurity/reward-program/.
All user authentication is safely outsourced to Auth0. You can find more information on Auth0 security at auth0.com/security.
GDPR
We’re compliant with the General Data Protection Regulation (GDPR). The purpose of GDPR is to protect the private information of EU citizens and give them more control over their personal data.
All payment instrument processing is safely outsourced to Stripe, which is certified as a PCI Level 1 Service Provider. We do not collect any payment information and are therefore not subject to PCI obligations.