Security and Data Privacy

We rely on industry best practices, security product features and partner with the best applications, systems and auditors to ensure your data is always protected.

SOC 2

Abstrakt partnered with Drata, the leader in Compliance Monitoring, to ensure nothing slips through the cracks when it comes to security.

PCI/PII

Abstrakt leverages industry-leading technology to ensure our customers remain PII/PCI compliant.

Additionally, Abstrakt provides 256-bit encryption, secure data storage, vulnerability/penetration testing (pen testing), service level agreements, and permission-based controls/SSO.

Privacy

Customers that utilize Abstrakt’s products may be considered a “Business” under the California Consumer Privacy Act (CCPA) and are responsible for ensuring that any processing of personal information is compliant with relevant data protection regulations, such as the CPRA. In relation to CCPA, Abstrakt is a “Service Provider” and “Contractor” and affirms that it will not:

Sell or share your Business’ personal information or your end-users’ personal information
Only retain, use, or disclose your Business’ personal information or your end-users’ personal information to the Sub-Processors listed below, who shall also comply with the CPRA
Process your Business’ personal information for any purpose other than those business purposes set forth in the CPRA or otherwise permitted by the California Privacy Protection Agency, as outlined in our Privacy Policy
Not retain, use, or disclose your Business’ personal information outside of the scope of the agreement we maintain with you
Combine personal information in violation of the CPRA.

For more information about our privacy practices and the ability to exercise your privacy rights under applicable data protection law, please refer to our Privacy Policy.

Customers that utilize Abstrakt’s products to collect and store personal data of EU citizens are considered data controllers under the European General Data Protection Regulation (GDPR). Abstrakt, as a data processor, can facilitate GDPR compliance through its Data Processing Addendum (DPA) which is designed to enable data transfers under the GDPR.

For more information about our privacy practices and the ability to exercise your privacy rights under applicable data protection law, please refer to our Privacy Policy.

Abstrakt separates customer data using unique logical identifiers assigned to each customer. Any time an application object is changed or created, the object is automatically linked to the customer’s account using the unique logical identifier. Additionally, Abstrakt logically segregates the development and production environments.

Uptime Monitoring

Review Abstrakt’s uptime monitoring here.

Sub-Processors

Abstrakt uses certain third-party sub-processors to assist in the delivery and hosting of Abstrakt’s products and services. These sub-processors have or may have access to or process Customer Content. All sub-processors are reviewed and assessed at least annually by the Security and Compliance team.

Abstrakt’s current sub-processors are as follows:

Entity Name	Purpose	Entity Country
Google Workspace	Cloud Hosting Service Provider	United States
Google Cloud Platform	Cloud Computing Services	United States
Mongo	Database Program	United States
SendGrid	Email Service Provider	United States
Tableau	Data Visualization Software	United States
Atlassian	Software Development	United States
Cloudflare	DDoS Mitigation Network	United States
Github	Software Development	United States
Pendo	Product Experience Software	United States
Rewind	Data Backup and Recovery	United States
Rainforest	Test Automation Software	United States
Swagger	API Development	United States