At Dealtale, we understand that our security is extremely important for our customers. This page describes the measures we employ to ensure that your data is safe. If you have any questions, please don’t hesitate to contact us.
Dealtale is undergoing a SOC 2 Type II review, attesting that our risk management, software development, and security practices meet a rigorous standard of oversight and that our organization supports these goals. Customers can be confident that the product and services Dealtale provides are mature, robust, and secure. Our ongoing SOC 2 Type II process also means that we can proactively monitor, identify and address any unusual activity, remediate it with deep contextual insight, and take corrective action, if and when it is needed.
Dealtale has achieved International Organization for Standardization (ISO) certification for information security management: ISO/IEC 27001:2013.
Dealtale’s physical infrastructure is hosted and managed on Amazon Web Services data centers and utilizes Amazon’s technology. AWS supports more security standards and compliance certifications than any other offering, including PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171, helping satisfy compliance requirements for virtually every regulatory agency around the globe.
For more information, please see: https://aws.amazon.com/compliance/
Dealtale ensures the security and privacy of user information by encrypting data on all servers at rest and in transit. Our systems are designed to ensure data is protected at all times. Specifically, we’re using TLS v1.2 with strong ciphers to protect data in transit.
All data in transit is encrypted on our platform. We use SSL/TLS encryption on our web assets to ensure the highest security and data protection standards. We regularly verify and renew our security certificates and encryption algorithms to keep your data safe. We also perform external perimeter scans to verify our security posture.
All sensitive user data is encrypted at rest. We use industry-standard encryption at the storage level.
Dealtale is the administrator of its infrastructure. Only designated and authorized Dealtale operations team members who use two-factor authentication are able to access the infrastructure.
We protect and test backups of our database, and we do so regularly.
Firewalls are utilized to restrict access to systems from external networks and between systems internally. By default, all access is denied, and only explicitly permitted ports and protocols are allowed based on business requirements.
At Dealtale, we enforce SSO and MFA for all our internal services and applications.
Dealtale is built as a single-page app, with a REST API backend server. Each user is identified with a unique session. Each request to the API server is first checked for the right scope in order to validate that a user is allowed to invoke the API. All API requests are scoped to the minimal required permission.
Dealtale contracts with an independent, third-party agency to conduct annual black box and white box penetration testing and provides access to the platform and a high-level application architecture diagram. We work closely with industry leaders in web app and infrastructure security who perform penetration tests and audits of Dealtale. Information about any security vulnerabilities discovered through testing is used to establish mitigation and remediation priorities. A penetration test findings summary is available to enterprise customers upon request.
We also monitor our product for security vulnerabilities automatically with external tools and auditors.
All system access and customer access are logged and tracked for auditing purposes internally and can be reviewed in case of an incident.
Dealtale has established incident response and notification procedures. We have a CTO/CISO who is in charge of responding to security incidents and mitigating risks.
In order to help ensure that Dealtale employees are aligned with the security practices and aware of their duties, Dealtale conducts information security awareness campaigns. Our engineering, security research and operation teams keep their security best practices up to date and have online and in-person sessions about new threats in the cybersecurity world.
If you find a bug or security issue on our platform or website, please let us know immediately by sending an email to [email protected]
If you have any further questions, please contact [email protected]
Updated 7 months ago