Security and Data Privacy

We rely on industry best practices and security product features, and we partner with the best applications, systems and auditors, to ensure your data is always protected.

SOC 2

Abstrakt partnered with Drata, the leader in Compliance Monitoring, to ensure nothing slips through the cracks when it comes to security.

PCI/PII

Abstrakt leverages industry-leading technology to help make sure our customers remain PII/PCI compliant.

Additionally, Abstrakt provides 256-bit encryption, secure data storage, vulnerability/penetration testing (pen testing), service level agreements, and permission-based controls/SSO.

Privacy

Customers that utilize Abstrakt’s products may be considered a “Business” under the California Consumer Privacy Act (CCPA) and are responsible for ensuring that any processing of personal information is compliant with relevant data protection regulations, such as the CPRA. In relation to CCPA, Abstrakt is a “Service Provider” and “Contractor” and affirms that it will not:

  • Sell or share your Business’ personal information or your end-users’ personal information
  • Retain, use, or disclose your Business’ personal information or your end-users’ personal information except to the Sub-Processors listed below, who shall also comply with the CPRA
  • Process your Business’ personal information for any purpose other than those business purposes set forth in the CPRA or otherwise permitted by the California Privacy Protection Agency, as outlined in our Privacy Policy
  • Retain, use, or disclose your Business’ personal information outside of the scope of the agreement we maintain with you
  • Combine personal information in violation of the CPRA.

For more information about our privacy practices and the ability to exercise your privacy rights under applicable data protection law, please refer to our Privacy Policy.

Customers that utilize Abstrakt’s products to collect and store personal data of EU citizens are considered data controllers under the European General Data Protection Regulation (GDPR). Abstrakt, as a data processor, can facilitate GDPR compliance through its Data Processing Addendum (DPA) which is designed to enable data transfers under the GDPR.

Abstrakt separates customer data using unique logical identifiers assigned to each customer. Any time an application object is changed or created, the object is automatically linked to the customer’s account using the unique logical identifier. Additionally, Abstrakt logically segregates the development and production environments.

Uptime Monitoring

Review Abstrakt’s uptime monitoring here.

Sub-Processors

Abstrakt uses certain third-party sub-processors to assist in the delivery and hosting of Abstrakt’s products and services. These sub-processors have or may have access to or process Customer Content. All sub-processors are reviewed and assessed at least annually by the Security and Compliance team.

Abstrakt’s current sub-processors are as follows:

Entity Name | Purpose | Entity Country
Google Workspace | Cloud Hosting Service Provider | United States
Google Cloud Platform | Cloud Computing Services | United States
Mongo | Database Program | United States
SendGrid | Email Service Provider | United States
Tableau | Data Visualization Software | United States
Atlassian | Software Development | United States
Cloudflare | DDoS Mitigation Network | United States
GitHub | Software Development | United States
Pendo | Product Experience Software | United States
Rewind | Data Backup and Recovery | United States
Rainforest | Test Automation Software | United States
Swagger | API Development | United States