fbpx

We don’t make money selling your data

Your privacy and security equal our success. (It’s also just the right thing to do.)

We take your security and privacy seriously

Your trust keeps us in business, so we do everything we can to protect and preserve your privacy and security. This means we never sell or distribute your data. We never gather data outside of our agreed-upon scope. And when the engagement ends, we delete your data.

And when you entrust us with your or your customers’ data, we treat it right. Data integrity is one of our highest priorities because dirty data never helped anybody. And if you’re worried about a cybersecurity attack, our penetration tests have been described as some of “the cleanest tests we’ve ever done” by our technology security vendor.

We don’t make the rules when it comes to privacy and security, but we follow them really well. We work to maintain or exceed compliance with our SOC 2 Type 1 audits, so you can feel at ease with your data in our hands.

Commonly asked questions

Chassi has located its production environment within the US-East-1 (N. Virginia) region of the Amazon Web Services (AWS) Elastic Compute Cloud (EC2). The customer-facing application runs on servers that are physically and logically secured from other components of the Chassi corporate infrastructure.

AWS provides serverless technology architecture and short term and long-term data storage. Data center facilities undergo regular SOC 2 Type 2 audits.

  • Web Development Best Practices
  • Development Environment Authentication
  • Strong Network Access Controls
  • Protection Against Injection Attacks
  • OWASP Top10 Defenses
  • Knowledgeable Security Professionals

All sensitive data transmitted and processed within Chassi’s production environment is encrypted to protect sensitive data against third-party disclosure in transit and at rest (stored and backup) using strong encryption technologies.

  • User access lists for applications, network storage, root accounts and databases are reviewed on a regular basis.
  • Security training
    • Chassi maintains a security awareness program through various mechanisms including:
      • The security assurance application which publishes and tracks employee training
      • Annual information security awareness training
  • Antivirus is installed on all workstations. Suspicious activity trigger alerts are sent to responsible information security staff.

No. We don’t touch the GL or any financials. There are no write features to the application.

At the end of the Health Check or engagement, we delete the data. That’s it.