Trust Center

Security at Sift

Security is built into the fabric of our product, team, and process.

Show Navigation
Overview
Overview
Members
  • Compliance
  • Product Security
  • Data Security
  • Privacy
  • Incident Management & Response
  • Availability & Reliability
  • Organizational Security
  • Business Continuity
  • Infrastructure
  • Threat Management
  • Subprocessors
  • Compliance

    Last updated Tue, Jul 27, 2021
    • GDPR

      Sift is fully GDPR compliant and maintains a Data Privacy Agreement (DPA) to be used as an amendment to our contract for customers requiring compliance. A copy of this agreement may be obtained by contacting privacy@justsift.com

    • SOC 2 Type II

      Sift completes a SOC2 Type II audit yearly. A copy of our current report may be obtained by contacting security@justsift.com . This report contains detailed descriptions of most items below.

  • Product Security

    Last updated Mon, Jul 26, 2021
    • SAML SSO
  • Data Security

    Last updated Mon, Jul 26, 2021
    • Data Encrypted At-Rest
    • Data Encrypted In-Transit
    • Passwords Encrypted
  • Privacy

    Last updated Mon, Jul 26, 2021
    • Privacy Policy
      Privacy Policy
    • Data Processing Addendum
  • Incident Management & Response

    Last updated Mon, Jul 26, 2021
    • Incident Response Plan (IRP)
  • Availability & Reliability

    Last updated Mon, Jul 26, 2021
    • Data Redundancy
    • Infrastructure Redundancy
    • Quality Assurance Testing
  • Organizational Security

    Last updated Mon, Jul 26, 2021
    • Confidentiality Agreements
    • Employee Background Checks
    • Employee Security Training
    • Employee Workstations Encrypted
    • Limited Employee Access (Principle of Least Privilege)
    • Physical Access Control
  • Business Continuity

    Last updated Mon, Jul 26, 2021
    • Business Continuity Plan
    • Disaster Recovery Plan
    • Data Backups
  • Infrastructure

    Last updated Tue, Jul 27, 2021
    • Multi-Tenant Architecture
    • ISO 27001 - Data Center
    • SOC 2 Type II - Data Center
    • Environmental Safeguards - Data Center
  • Threat Management

    Last updated Mon, Jul 26, 2021
    • Penetration Testing
    • Responsible Disclosure
    • Vulnerability Scanning
  • Subprocessors

    Last updated Tue, Jul 27, 2021
    • Name
      Purpose
      Location
      Amazon Web Services
      Cloud Hosting
      USA
      Datadog
      Logging and Monitoring
      USA
      Google Analytics
      Usage Analytics
      USA
      Intercom
      Customer Support
      USA
      Mailgun
      Email Sending
      USA
      Microsoft Azure
      Cloud Hosting
      USA
      Mixpanel
      Usage Analytics
      USA
      Segment
      Usage Analytics
      USA
      Sentry
      Error Tracking and Alerting
      USA