Security Hub
Our security practices are based on industry-leading standards and are audited annually. Our security framework covers policies and procedures, application and data security, cloud and infrastructure security, endpoint security, and incident response.
Below, we detail the steps and procedures we take to keep our data, and that of our customers, safe and secure at all times.

We conduct penetration tests using external vendors at least once every 12 months to identify and address vulnerabilities.
We utilize Anti-DDoS protection and a Web Application Firewall (WAF) to safeguard against malicious attacks.
All traffic transferred to Anecdotes is encrypted over HTTPS using TLS 1.2 and above, ensuring data integrity and privacy.
Data is encrypted in our databases using AES 256-bit encryption by default, providing robust protection for stored information.
All devices are fully protected by our endpoint detection and response platform, offering real-time threat detection and remediation.
Devices are fully managed, including security patch management, policies, and other best practices to ensure comprehensive protection.
We use multi-layered controls to protect our infrastructure, constantly monitoring and improving our systems to meet growing security demands. We rely on Google Cloud Platform (GCP), a highly regulated and compliant data center that meets stringent regional and international certification requirements.
Access to production infrastructure is limited to the minimum number of individuals, based on a least-privilege and need-to-know basis, ensuring only authorized personnel can access sensitive data.
The Anecdotes screening process involves comprehensive background checks and personal interviews conducted by HR hiring managers. Where applicable, additional background checks are performed in accordance with local laws.
New employees undergo a rigorous onboarding process that includes detailed explanations of security guidelines, expectations, and code of conduct. All Anecdotes employees participate in annual security awareness training to ensure they remain informed about the latest security practices and threats.
Have questions? We’ve got answers. If you can’t find what you're looking for, feel free to get in touch.
Customers using an IdP solution within their organization can connect it to the Anecdotes OS. Anecdotes supports the SAML 2.0 standard for SSO.
Yes. Data at rest is encrypted using AES 256-bit encryption, while data in transit is encrypted over TLS 1.3.
Anecdotes stores its data within the US using GCP.
Anecdotes collects and processes data in accordance with specific data permissions provided by you, our Client. Some of the main categories are name, address, e-mail address, phone number, company name, industry, website URL, IPs, and device names, as well as a list of vendors and a sample of the customer list. While some Clients might upload Personal Data of their own customers, Anecdotes does not process such Data.
Yes, we do. Please see our attached DPA, in which we commit to operate in accordance with applicable laws.
Client data will be deleted after expiration or termination of the services, all in accordance with the Terms of Use and Anecdotes policies. Additionally, the Client may make a specific written deletion request at any time.
Yes, Anecdotes has a dedicated security team.
Yes, Anecdotes has a DPA.
Please see the link
Anecdotes acts as the Data Processor, and the Client acts as the Data Controller, with respect to data provided by customers. Anecdotes will only process data for the purposes of providing the service to its Clients and will act on the Client’s instructions.
Anecdotes has a well-maintained and up-to-date incident response policy and stays on top of security developments through the expertise of our own people and the advice of leading external legal and professional services consultants. We would report data breaches in accordance with our legal obligations.
By default, employees do not access customers’ data. If access is needed, only specifically authorized personnel whose access is required to provide successful delivery, operation and service to the Clients may access data.
All of our personnel are bound by strict duties of confidentiality and are required to undergo periodic training courses on information security, GDPR compliance, and other applicable regulations. We have also appointed a DPO for monitoring and advising on ongoing privacy and compliance matters.
If you have any questions that haven’t been answered, please feel free to reach out to us. Security is at the core of everything we do and we’re super happy to share any relevant information regarding our security practices and philosophy.