Home Security and Privacy Safeguarding your data and privacy

Safeguarding your data and privacy

Last updated on Jan 31, 2024

At Crowd, we prioritize the security and privacy of your company's information. This commitment is reflected in our robust security practices and policies. This page provides insights into our security measures, assuring you that your data is handled responsibly and securely.

Security Policies

Our comprehensive suite of information security policies covers key areas such as:

  • Information security roles and responsibilities.

  • Access control and operations security.

  • Business continuity and disaster recovery.

  • Secure development and third-party management.

  • incidence response

These policies are regularly reviewed and updated by our management team, with all team members annually reviewing and agreeing to adhere to them.

Testing and Review

To ensure the robustness of our security:

  • We conduct penetration tests annually.

  • All changes to our software undergo a rigorous code review process.

  • Our CI/CD pipeline includes extensive tests and vulnerability scans.

Encryption and Data Handling

  • All-access to our platform is through HTTPS-encrypted connections.

  • Our production database is encrypted at rest. The connection is encrypted and authenticated using AES_128_GCM and uses X25519 as the key exchange mechanism.

  • Credit card processing is handled by Stripe and Chargebee with credit card details not stored on our servers. Please see https://stripe.com/docs/security/ and https://www.chargebee.com/security for more information about their security commitment and PCI compliance.

  • We can delete your credit cards on these platforms upon request

Image Storage and Backups

  • Your images are securely hosted on Cloudinary with secure URLs. See Cloudinary's security policy for more information.

  • Database backups are encrypted and retained for specific durations.

  • Point-in-time recovery is facilitated through continuous backups.

Hosting

  • We're hosted on Digital Ocean's App Platform, a secure Platform-as-a-Service. Check Digital Ocean's security policy for details. They uphold high-security standards, ensuring a reliable environment for Crowd.

Availability and Uptime

  • Our platform ensures high availability with continuous monitoring for swift responses. Check our status page for real-time updates during any unforeseen challenges.

  • Our historical uptime exceeds 99%.

  • Engineers maintain a 24/7/365 on-call rotation to ensure accessibility globally.

Privacy and Compliance

  • We are proud to be GDPR and CCPA-compliant, ensuring security availability. Check our privacy policy.

  • Explore the terms that govern your experience on Crowd by reviewing our Terms of Service.

  • Explore the rules that protect your privacy on Crowd by checking out our

    Privacy Policy

Sub-Processors

Crowd utilizes data sub-processors to enhance our service delivery. You can access the complete list of sub-processors and their security details here.

Employee Security

  • Team members undergo annual security awareness training.

  • Background checks are performed on all new team members.

  • The principle of least privilege is followed in identity and access management.

Questions and Reporting Vulnerabilities

If you have any security-related questions or believe you've found a vulnerability, contact our Security Team at support@crowdapp.io

At Crowd, your data is not just a responsibility; it's our commitment to keeping it secure and private.