Security at Sardine
Security is baked into our DNA at Sardine. We don’t just make awesome products to fight fraud, we also ensure that our platform remains secure for your use and for your data. That is why we are committed to the highest standards of security. Our security and compliance teams are dedicated to maintaining parity with SOC2 and PCI frameworks.
Our information security program begins with NIST CSF (Cybersecurity Framework). We implement and maintain physical, administrative, and technical safeguards designed to protect the confidentiality, integrity, and availability of our services and your data. You can read more about our entire Security Program at our Security Portal and the data we collect here.
Here are some examples of the best practices we use to protect your data:
- 2FA - two steps authentication adds a layer of protection to your data.
- Encryption - your data is encrypted at rest and in transit so others can’t read it.
- Passwords - we use complex passwords and store passwords hashed using industry best practices. We never store passwords in plain text.
- Whitelisting - configurable whitelisting of IP addresses controls who has access to your data.
- Penetration testing - we hire firms to test the security of our systems and SDKs.
- Attestations - we regularly perform internal assessments of our systems and hire others to test our security controls to ensure we are using best practices to keep your data safe.
But don’t just take our word for it. We are audited annually by an independent accounting firm for our SOC 2 Type II report, which is available to our customers. We also have our products and services penetration tested by an independent security testing firm; the summary report is available to our customers.
Still have questions about our information security program? We love bragging about it, please reach out and we’ll be happy to do so.