We’re not in the business of selling data

Your privacy and security equal our success.

SOC 2 Type II certified
ISO/IEC 27001:2022 certified
CCPA compliant
GDPR compliant

We take privacy and security seriously

Your trust keeps us in business, so we do everything we can to protect and preserve your privacy and security. This means we never sell or distribute your data. We don’t gather data outside of our agreed-upon scope. And when the engagement ends, we delete the data.

When you entrust us with your data, we treat it right. Data integrity is one of our highest priorities because dirty data never helped anybody. And if you’re worried about a cybersecurity attack, our penetration tests have been described as some of “the cleanest tests we’ve ever done” by our technology security vendor.

We don’t make the rules when it comes to privacy and security, but we follow them really well. We work to maintain or exceed compliance with our SOC 2 Type II and ISO/IEC 27001:2022 audits so you can feel at ease with your data in our hands.

This is how we protect you

Trusted enterprise privacy and security

Privacy

We are transparent about our data collection practices and offer consumers control over their personal data.

We only use consumer data for the stated purposes for which it was collected.

Security

We regularly evaluate and update our security practices to meet or exceed SOC 2 Type II standards and ensure the ongoing security of our infrastructure.

We use a third-party technology security vendor to conduct an annual penetration test to evaluate the strength of our controls and processes.

We employ robust security measures, including access controls, encryption, and regular security audits and updates to maintain the security and reliability of our application.

Related resources

Learn how we protect your data.

Privacy Policy
Data Processing Addendum (DPA)
California Consumer Privacy Act (CCPA)
GDPR Compliance
Terms of Use
Cookie policy
SOC II Security
ISO/IEC 27001:2022

Common questions

Where do you store the data?

Chassi has located its production environment within the US-East-1 (N. Virginia) region of the Amazon Web Services (AWS) Elastic Compute Cloud (EC2). The customer-facing application runs on servers that are physically and logically secured from other components of the Chassi corporate infrastructure. AWS provides serverless technology architecture and short-term and long-term data storage. Data center facilities undergo regular SOC 2 Type 2 audits.

What do you do to protect the data from cybersecurity attacks?

• Web Development Best Practices
• Development Environment Authentication
• Strong Network Access Controls
• Protection Against Injection Attacks
• OWASP Top 10 Defenses
• Knowledgeable Security Professionals

Is the data encrypted?

All sensitive data transmitted and processed within Chassi’s production environment is encrypted in transit and at rest (stored and backup) using strong encryption technologies, protecting it against third-party disclosure.

How do you manage who has access to the data?

• User access lists for applications, network storage, root accounts and databases are reviewed on a regular basis.
• Security training:
  • Chassi maintains a security awareness program through various mechanisms including:
    • The security assurance application which publishes and tracks employee training
    • Annual information security awareness training
• Antivirus is installed on all workstations.
• Suspicious activity trigger alerts are sent to responsible information security staff.

Do you touch the general ledger?

No. We don’t touch the GL or any financials. There are no write features to the application.

What if the engagement ends?

At the end of the Health Check or engagement, we delete the data. That’s it.

Empower your growth strategy with Chassi

Clarity in days with read-only connections and minimal lift.