Introduction

Spate is committed to maintaining the highest standards of security and compliance to ensure the protection of our clients' data. This security information page provides an overview of the security measures and practices we employ to achieve SOC 2 compliance.

SOC 2 (System and Organization Controls 2) is a framework for assessing the controls related to security, availability, processing integrity, confidentiality, and privacy of systems at a service organization like Spate.

Scope

Our SOC 2 compliance covers the systems, services, and processes involved in delivering consumer behavior data and analysis.

Security Policies and Procedures

We have established comprehensive security policies and procedures to safeguard our systems and data. These include stringent access controls, regular security training for employees, and continuous monitoring of our infrastructure. Key security controls implemented include automated vulnerability scanning and detection of our infrastructure and codebase, security awareness training, and penetration testing at least once annually.

Data Protection Measures

Data protection is paramount to us. We employ strong encryption protocols to safeguard sensitive data both in transit and at rest. Our data retention and disposal practices adhere to industry standards, ensuring that data is retained only for as long as necessary and securely disposed of when no longer needed. Application secrets are encrypted and stored using Google Cloud Secret Manager.

Incident Response and Management

In the event of a security incident or breach, we have robust incident response procedures in place. Our team is trained to respond promptly, mitigate risks, and restore normal operations. We maintain detailed incident logs and conduct thorough post-incident reviews to prevent recurrence.

Third-Party Relationships

We work with trusted third-party service providers whose roles are integral to our operations. Third-party risks are carefully assessed, and appropriate contractual agreements and oversight mechanisms are in place to manage and monitor these relationships effectively.

Physical Security

While our operations primarily occur in digital environments, we also maintain physical security measures at our facilities. These include access controls, surveillance systems, and regular security audits to ensure the safety of our premises.

Compliance Monitoring and Auditing

We continuously monitor and audit our systems and processes to maintain compliance with SOC 2 requirements. Internal audits are conducted regularly to assess our security posture, supplemented by external audits performed by accredited auditors.

Regulatory Compliance

In addition to SOC 2 compliance, we adhere to other relevant regulatory requirements including GDPR. Our security practices are designed to align with these regulations to provide comprehensive protection for our clients' data.

Conclusion

At Spate, we take security and compliance seriously. Our commitment to maintaining SOC 2 compliance reflects our dedication to protecting the confidentiality, integrity, and availability of our clients' data. For further inquiries or information, please contact security@spate.nyc.