Security
At Engagespot, security is a top priority. We understand that our customers entrust us with their sensitive data including their users personal identifiable information (PII), and we take that responsibility very seriously. That's why we have implemented a comprehensive set of security policies and procedures to protect our customers' data from unauthorized access, use, and disclosure. In this document, we outline our security policies for our API product, including the measures we have in place to ensure the confidentiality, integrity, and availability of your data. We encourage you to read through this document carefully and contact us if you have any questions or concerns.
Security Certifications
We are in the process of getting our SOC, GDPR and HIPPA Compliance certifications. We're regularly auditing our systems and implemented the highest level of security policies. If you'd like to know about our infrastructure security setup, please let us know at security['at']engagespot.co
Here are some of the security policies we follow at Engagespot.
- We have implemented the principles around least privilege. We limit access to production data for our employees.
- All our data is encrypted at rest, and uses strong TLS encryption for data in transit.
- We strictly review our code to find any security vulnerabilities before it goes to production.
- All our logins are protected by 2FA. 2FA is enforced for all employees at Engagespot.
- Your user's PII is safe within our encrypted databases.
Responsible Disclosure
At Engagespot, we are committed to ensuring the security of our API product and the data it handles. We recognize the value of the security research community in helping us identify and address vulnerabilities in our systems. If you believe you have discovered a security vulnerability in our API product, we encourage you to report it to us via security['at']engagespot.co. Our responsible disclosure program provides clear guidelines for reporting security vulnerabilities, and we promise to work with you to understand and address the issue as quickly as possible. We ask that you refrain from public disclosure of the vulnerability until we have had sufficient time to investigate and address it. We appreciate your help in keeping our API product and our customers' data secure.