Security is baked into our DNA at Sardine. We don’t just make awesome products to fight fraud, we also ensure that our platform remains secure for your use and for your data. That is why we are committed to the highest standards of security. Our security and compliance teams are dedicated to maintaining parity with SOC2 and PCI frameworks.
Our information security program begins with NIST CSF (Cybersecurity Framework). We implement and maintain physical, administrative, and technical safeguards designed to protect the confidentiality, integrity, and availability of our services and your data. You can read more about our entire Security Program at our Security Portal and the data we collect here.
Here are some examples of the best practices we use to protect your data:
- 2FA - two steps authentication adds a layer of protection to your data.
- Encryption - your data is encrypted at rest and in transit so others can’t read it.
- Passwords - we use complex passwords and store passwords hashed using industry best practices. We never store passwords in plain text.
- Whitelisting - configurable whitelisting of IP addresses controls who has access to your data.
- Penetration testing - we hire firms to test the security of our systems and SDKs.
- Attestations - we regularly perform internal assessments of our systems and hire others to test our security controls to ensure we are using best practices to keep your data safe.
But don’t just take our word for it. We are audited annually by an independent accounting firm for our SOC 2 Type II report, which is available to our customers. We also have our products and services penetration tested by an independent security testing firm; the summary report is available to our customers.
Still have questions about our information security program? We love bragging about it, please reach out and we’ll be happy to do so.
- We will not disclose information about your creditworthiness to our affiliates and will not disclose your personal information with non-affiliated third parties to market to you, other than as permitted by Vermont law, unless you authorize us to make those disclosures.
- Additional information concerning our privacy policies can be found at crypto.sardine.ai/privacy.
- Open an account or provide account information
- Use your credit or debit card or give us your contact information
- Tell us who receives the money or tell us where to send the money
- sharing for affiliates’ everyday business purposes—information about your creditworthiness
- affiliates from using your information to market to you
- sharing for nonaffiliates to market to you