Security Overview

At Dealtale, we understand that our security is extremely important for our customers. This page describes the measures we employ to ensure that your data is safe. If you have any questions, please don’t hesitate to contact us.

SOC 2 Type II

Dealtale is currently undergoing a SOC 2 Type II review, attesting that our risk management, software development, and security practices meet a rigorous standard of oversight and that our organization supports these goals. Customers can be confident that the product and services Dealtale provides are mature, robust, and secure. Our ongoing SOC 2 Type II process also means that we can proactively monitor, identify and address any unusual activity, remediate it with deep contextual insight, and take corrective action, if and when it is needed.

ISO/IEC 27001:2013

Dealtale has achieved International Organization for Standardization (ISO) certification for information security management: ISO/IEC 27001:2013.

Physical Security

Dealtale’s physical infrastructure is hosted and managed in Amazon Web Services data centers and utilizes Amazon’s technology. AWS supports more security standards and compliance certifications than any other offering, including PCI-DSS, HIPAA/HITECH, FedRAMP, GDPR, FIPS 140-2, and NIST 800-171, satisfying compliance requirements for virtually every regulatory agency around the globe.

For more information, please see: https://aws.amazon.com/compliance/

Data Encryption

Dealtale ensures the security and privacy of user information by encrypting data on all servers at rest and in transit. Our systems are designed to ensure data is protected at all times. Specifically, we’re using TLS v1.2 with strong ciphers to protect data in transit.

In Transit

All data in transit is encrypted on our platform. We use SSL/TLS encryption on our web assets to ensure the highest security and data protection standards. We regularly verify and renew our security certificates and encryption algorithms to keep your data safe. We also perform external perimeter scans to verify our security posture.

At Rest

All sensitive user data at rest is encrypted. We use industry-standard encryption at the storage level.

Logical Access

Dealtale is the administrator of its infrastructure. Only designated and authorized Dealtale operations team members who use two-factor authentication are able to access the infrastructure.

Protected and Tested Backups

We have protected and tested backups of our database, and we continue to do so regularly.

Network Security

Firewalls are utilized to restrict access to systems from external networks and between systems internally. By default, all access is denied, and only explicitly allowed ports and protocols are allowed based on business requirements.

Application Security

At Dealtale, we enforce SSO and MFA for all our internal services and applications.

Role Based Access Control (RBAC)

Dealtale is built as a single-page app, with a REST API backend server. Each user is identified with a unique session. Each request to the API server is first checked for the right scope in order to validate that a user is allowed to invoke the API. All API requests are scoped to the minimal required permission.

External Security Audits and Penetration Tests

Dealtale contracts with an independent, third-party agency to conduct annual black box and white box penetration testing and provides access to the platform and a high-level application architecture diagram. We work closely with industry leaders in web app and infrastructure security who perform penetration tests and audits of Dealtale. Information about any security vulnerabilities discovered through testing is used to establish mitigation and remediation priorities. A penetration test findings summary is available to enterprise customers upon request.

We also monitor our product for security vulnerabilities automatically with external tools and auditors.

System and Application Log Collection

All system access and customer access are logged and tracked for auditing purposes internally and can be reviewed in case of an incident.

Incident Response and Management

Dealtale has established incident response and notification procedures. We have a CTO/CISO who is in charge of responding to security incidents and mitigating risks.

Security Awareness and Training

In order to help ensure that Dealtale employees are aligned with the security practices and aware of their duties, Dealtale conducts information security awareness campaigns. Our engineering, security research and operation teams keep their security best practices up to date and have online and in-person sessions about new threats in the cybersecurity world.

Privacy Policy

Learn more about our privacy policy at https://dealtale.com/privacy-policy/

Report Security Issues

If you find a bug or security issue on our platform or website, please let us know immediately by sending an email to [email protected]

If you have any further questions, please contact [email protected]