At SigParser, our #1 priority is to make make sure our platform is secure and you can trust us with your sensitive email data. Here are some highlights of things we do to keep our platform and all data highly secure:
- We will never sell your data
- We are certified as SOC2 Compliant
- We’re a Google verified application for accessing email data
- We have completed penetration testing conducted by Leviathan
- We run all of our applications in a highly secure environment run by AWS
- All data we collect is stored encrypted at rest
- We require users to complete two factor authorization to log in to the application
- Customers can choose to delete their account and all related data
- You can view our continuously updated SOC2 Gap Assessment (to access gap assessment report, enter your business email and password = public)
- We can send you a 24+ page whitepaper on our security practices (email security (at) sigparser.com)
- All of our vendors are GDPR compliant. Request our security whitepaper for details.
We never sell your data
We will never sell the data we extract for you to other companies. You are the owner of your data.
There are some other products out there similar to SigParser that do sell your data. You should watch out for those. Read their terms of service. Even some products that you pay for will take your data and sell it. Google’s security audit process has done a good job of shutting off some of these services but not all of them.
SOC2 Compliance by Vanta
We have engaged Vanta to certify that we are SOC2 compliant and continually monitor our compliance.
If you have questions about SOC2 compliance, you can learn more here
Amazon Web Services
We run our servers in Amazon run data centers called Amazon Web Services. These offer secure, reliable servers to host your most sensitive business data. Many of the companies you can think of run their services in Amazon Web Services.
Independent Security Verifications
We had Leviathan conduct a security audit most recently for us. They were one of two vendors Google required we use in order to access Gmail data. This involved a penetration test and policy and procedure review. We can provide an attestation letter of the results.
At Rest Encryption
All the data stored by SigParser is stored encrypted at rest. This includes databases and logs.
We use industry standard 256 bit SSL/TLS 1.2 support to encrypt all data traffic. We also encrypt your email credentials while at rest.
We store log data only as long as required to diagnose issues. Log data is stored encrypted at rest.
Our standard practice is to store application log entries for 60 days. This log data may contain identifying information required for diagnosing sync issues. Access to these logs is strictly controlled. These logs are cleaned automatically by AWS after 60 days.
We have other log entries that we store for longer for security purposes but these won’t contain personally identifiable information of your contacts.
SigParser has an advanced permission system which allows administrators to control exactly who has access to what data in SigParser.
Contacts Can Be Hidden
Contacts can be hidden from your other team members by making them private. Roles can control which contacts are accessible by which team members.
Remove Data When You Leave
When you leave SigParser you can have all your data deleted from the servers as long as you’re not part of a team of users. This takes a few minutes to complete but we’ll email you when it completes. It just takes a button click within the application. If you need to delete a team worth of data then you need to email us or every team member needs to delete their account. The last team member to delete their account will cause the database to be deleted.
If you want to know more about our security, we’re happy to provide you with our detailed security overview. It details everything about our security practices. It is very technical but valuable for knowing how hard we’re working on security. Contact us to get the paper.