At SigParser, our #1 priority is to make make sure our platform is secure and you can trust us with your sensitive email data. Here are some highlights of things we do to keep our platform and all data highly secure:
- We will never share or sell customer data
- We are certified as SOC2 Type II compliant by independent auditor, Johanson Group LLP
- All of our technology, practices, and vendor technologies are GDPR compliant
- All of our applications are run in a highly secure environment managed by AWS
- We have completed penetration testing conducted by Leviathan
- All data we transmit is encrypted using industry standard TLS 1.2 encryption
- All data we store is encrypted at rest using industry standard AES-256 encryption
- Customers can choose to delete their account and all related data
- Customers can view our continuously updated SOC2 Gap Assessment
- We can send you a whitepaper on our security practices (email security (at) sigparser.com)
We never sell your data
We will never sell the data we extract for you to other companies. You are the owner of your data.
There are some other products out there similar to SigParser that do sell your data. You should watch out for those. Read their terms of service. Even some products that you pay for will take your data and sell it. Google’s security audit process has done a good job of shutting off some of these services but not all of them.
SOC2 Compliance by Vanta
We have engaged Vanta to certify that we are SOC2 compliant and continually monitor our compliance.
If you have questions about SOC2 compliance, you can learn more here
Amazon Web Services
We run our servers in Amazon run data centers called Amazon Web Services. These offer secure, reliable servers to host your most sensitive business data. Many of the companies you can think of run their services in Amazon Web Services.
Independent Security Verifications
We had Leviathan conduct a security audit most recently for us. They were one of two vendors Google required we use in order to access Gmail data. This involved a penetration test and policy and procedure review. We can provide an attestation letter of the results.
At Rest Encryption
All the data stored by SigParser is stored encrypted at rest. This includes databases and logs.
We use industry standard 256 bit SSL/TLS 1.2 support to encrypt all data traffic. We also encrypt your email credentials while at rest.
We store log data only as long as required to diagnose issues. Log data is stored encrypted at rest.
Our standard practice is to store application log entries for 60 days. This log data may contain identifying information required for diagnosing sync issues. Access to these logs is strictly controlled. These logs are cleaned automatically by AWS after 60 days.
We have other log entries that we store for longer for security purposes but these won’t contain personally identifiable information of your contacts.
SigParser has an advanced permission system which allows administrators to control exactly who has access to what data in SigParser.
Contacts Can Be Hidden
Contacts can be hidden from your other team members by making them private. Roles can control which contacts are accessible by which team members.
Remove Data When You Leave
When you leave SigParser you can have all your data deleted from the servers as long as you’re not part of a team of users. This takes a few minutes to complete but we’ll email you when it completes. It just takes a button click within the application. If you need to delete a team worth of data then you need to email us or every team member needs to delete their account. The last team member to delete their account will cause the database to be deleted.
If you want to know more about our security, we’re happy to provide you with our detailed security overview. It details everything about our security practices. It is very technical but valuable for knowing how hard we’re working on security. Contact us to get the paper.