For Iterate customers, Iterate is a “service provider” under the CCPA. We process personal information only on behalf of our customers. The personal information that's collected is in complete control of the customer, based on what questions they choose to ask. We collect and store that data only for the purpose of providing our services to the customer and we do not sell that information to third parties.
- Swiss-US Privacy Shield
Iterate is self-certified under the US & Swiss privacy shield frameworks.
We are committed to the principles inherent to the GDPR and particularly the concepts of privacy by design, the right to be forgotten, and data consent. Iterate customers are in complete control of what user data they collect based on the questions they choose to ask. We provide tools for customers to delete their data as well as customer data, and provide APIs to automate this process.
- Data Encrypted At-Rest
All user data is encrypted at rest.
- Data Encrypted In-Transit
All user data is encrypted via HTTPS/TLS
- Passwords Encrypted
Customer passwords are encrypted using bcrypt and include a per-user salt.
- Data Breach Notification
Availability & Reliability
- Data Redundancy
Data is stored across a cluster of servers ensuring high availability and uptime.
- Infrastructure Redundancy
Application servers are dynamically added based on load and constantly monitored and replaced in the event of a loss of availability.
- Employee Background Checks
All full-time employees are subject to background checks.
- Employee Security Training
Security is built into our engineering process from the start. All full-time employees are trained on our privacy and security best-practices, all code is peer-reviewed and audited to ensure it is secure and we're constantly monitoring for new risk mitigation strategies.
- Employee Workstations Automatically Locked
- Employee Workstations Encrypted
All employee workstations are password protected and enabled with disk encryption.
- Limited Employee Access (Principle of Least Privilege)
Employee access is limited to the minimum amount of access needed to perform their job.
- Physical Access Control
- Business Continuity Plan
- Data Backups
All user data is backed up and retained for 30 days.
- Multi-Tenant Architecture
- Bug Bounty
Iterate offers financial compensation for self-reported bug and vulnerability reports subject to the discretion of our security team based on the severity of the issue.