Security and Privacy

Safeguarding your data and privacy

At Crowd, we prioritize the security and privacy of your company's information. This commitment is reflected in our robust security practices and policies. This page provides insights into our security measures, assuring you that your data is handled responsibly and securely. Security Policies Our comprehensive suite of information security policies covers key areas such as: - Information security roles and responsibilities. - Access control and operations security. - Business continuity and disaster recovery. - Secure development and third-party management. - incidence response These policies are regularly reviewed and updated by our management team, with all team members annually reviewing and agreeing to adhere to them. Testing and Review To ensure the robustness of our security: - We conduct penetration tests annually. - All changes to our software undergo a rigorous code review process. - Our CI/CD pipeline includes extensive tests and vulnerability scans. Encryption and Data Handling - All-access to our platform is through HTTPS-encrypted connections. - Our production database is encrypted at rest. The connection is encrypted and authenticated using AES_128_GCM and uses X25519 as the key exchange mechanism. - Credit card processing is handled by Stripe and Chargebee with credit card details not stored on our servers. Please see https://stripe.com/docs/security/ and https://www.chargebee.com/security for more information about their security commitment and PCI compliance. - We can delete your credit cards on these platforms upon request Image Storage and Backups - Your images are securely hosted on Cloudinary with secure URLs. See Cloudinary's security policy for more information. - Database backups are encrypted and retained for specific durations. - Point-in-time recovery is facilitated through continuous backups. Hosting - We're hosted on Digital Ocean's App Platform, a secure Platform-as-a-Service. Check Digital Ocean's security policy for details. They uphold high-security standards, ensuring a reliable environment for Crowd. Availability and Uptime - Our platform ensures high availability with continuous monitoring for swift responses. Check our status page for real-time updates during any unforeseen challenges. - Our historical uptime exceeds 99%. - Engineers maintain a 24/7/365 on-call rotation to ensure accessibility globally. Privacy and Compliance - We are proud to be GDPR and CCPA-compliant, ensuring security availability. Check our privacy policy. - Explore the terms that govern your experience on Crowd by reviewing our Terms of Service. - Explore the rules that protect your privacy on Crowd by checking out our Privacy Policy Sub-Processors Crowd utilizes data sub-processors to enhance our service delivery. You can access the complete list of sub-processors and their security details here. Employee Security - Team members undergo annual security awareness training. - Background checks are performed on all new team members. - The principle of least privilege is followed in identity and access management. Questions and Reporting Vulnerabilities If you have any security-related questions or believe you've found a vulnerability, contact our Security Team at support@crowdapp.io At Crowd, your data is not just a responsibility; it's our commitment to keeping it secure and private.