Safeguarding your data and privacy
At Crowd, we prioritize the security and privacy of your company's information. This commitment is reflected in our
robust security practices and policies. This page provides insights into our security measures, assuring you that your
data is handled responsibly and securely.
Security Policies
Our comprehensive suite of information security policies covers key areas such as:
- Information security roles and responsibilities.
- Access control and operations security.
- Business continuity and disaster recovery.
- Secure development and third-party management.
- Incident response.
These policies are regularly reviewed and updated by our management team, with all team members annually reviewing and
agreeing to adhere to them.
Testing and Review
To ensure the robustness of our security:
- We conduct penetration tests annually.
- All changes to our software undergo a rigorous code review process.
- Our CI/CD pipeline includes extensive tests and vulnerability scans.
Encryption and Data Handling
- All access to our platform is through HTTPS-encrypted connections.
- Our production database is encrypted at rest. The connection is encrypted and authenticated using AES_128_GCM and
uses X25519 as the key exchange mechanism.
- Credit card processing is handled by Stripe and Chargebee with credit card details not stored on our servers. Please
see https://stripe.com/docs/security/ and https://www.chargebee.com/security for more information about their
security commitment and PCI compliance.
- We can delete your credit cards on these platforms upon request.
Image Storage and Backups
- Your images are securely hosted on Cloudinary with secure URLs. See Cloudinary's security policy for more
information.
- Database backups are encrypted and retained for specific durations.
- Point-in-time recovery is facilitated through continuous backups.
Hosting
- We're hosted on Digital Ocean's App Platform, a secure Platform-as-a-Service. Check Digital Ocean's security policy
for details. They uphold high security standards, ensuring a reliable environment for Crowd.
Availability and Uptime
- Our platform ensures high availability with continuous monitoring for swift responses. Check our status page for
real-time updates during any unforeseen challenges.
- Our historical uptime exceeds 99%.
- Engineers maintain a 24/7/365 on-call rotation to ensure accessibility globally.
Privacy and Compliance
- We are proud to be GDPR and CCPA-compliant, ensuring security availability. Check our privacy policy.
- Explore the terms that govern your experience on Crowd by reviewing our Terms of Service.
- Explore the rules that protect your privacy on Crowd by checking out our Privacy Policy.
Sub-Processors
Crowd utilizes data sub-processors to enhance our service delivery. You can access the complete list of sub-processors
and their security details here.
Employee Security
- Team members undergo annual security awareness training.
- Background checks are performed on all new team members.
- The principle of least privilege is followed in identity and access management.
Questions and Reporting Vulnerabilities
If you have any security-related questions or believe you've found a vulnerability, contact our Security Team at
support@crowdapp.io
At Crowd, your data is not just a responsibility; it's our commitment to keeping it secure and private.