Security and compliance matters to us because it matters to our customers.

As a security company, the security and integrity of our systems is paramount. We accept the responsibility of safeguarding data that our customers’, employees’, and partners’ have entrusted to us.

Security

Each day we rigorously ensure the security, availability, and resilience of our systems. We have implemented policies that follow best-in-class practices for building and managing cloud environments, including application, network and physical security.

Responsible Disclosure

A key part of our security program is responsible disclosure. We encourage and greatly appreciate security researchers to contact us to report any potential vulnerabilities found in our products or other digital assets.

If you have identified a potential security vulnerability, please follow the process outlined to engage with our security team.

Compliance Certifications

PCI DSS 3.2

The PCI DSS is an information security standard created by the major credit card companies and managed by the PCI Standards Security council. The PCI DSS sets a baseline of technical and operational requirements needed to protect credit card account information that is shared across systems including card number, verification number, and expiration date. The Cequence systems do not process or store credit card data. However, incoming cardholder data may be decrypted and forwarded on to the client application if it is in the data stream for the protected website.

SOC 2

Our examination for the SOC 2 Type I was conducted in accordance with attestation standards established by the American Institute of Certified Public Accountants. The examination was designed for the purpose of expressing an opinion about whether, in all material respects, the description of the Cequence systems and corresponding security controls is presented in accordance with the SOC 2 description criteria and whether the controls stated therein were suitably designed to provide reasonable assurance that the service organization’s service commitments and system requirements were achieved based on the applicable trust services criteria. The opinion of the Auditor was based on the examination and the procedures performed in the examination were limited to those that were considered necessary.