Security

SOC 2 Security

At Anecdote, we prioritize the security and privacy of the data that our valued customers entrust to us. We have meticulously designed our application with a multi-tiered security approach and maintain a steadfast commitment to secure development practices, augmented by comprehensive third-party assessments. While innovating and delivering cutting-edge features, we remain resolute in upholding stringent security standards to ensure your data's safety.

We understand that granting us access to your internal corporate data is a significant decision. To instill confidence, we have taken numerous steps to establish a robust security program that offers you the peace of mind you deserve. We safeguard each customer's data, ensuring its segregation from other customers' data. Furthermore, the same principles of access limitation apply to our own staff. At Anecdote, we uphold a strict policy: we never access your data without your awareness, and we strictly refrain from creating any form of meta-reporting that could be potentially resold. Our primary focus centers on delivering the value we promise, without compromise.

The services

As global regulations evolve, we remain dedicated to updating this section as needed to ensure ongoing compliance.

GDPR

The General Data Protection Regulation (GDPR), a comprehensive EU data privacy law in effect since May 25, 2018, has our unwavering attention. Anecdote operates as a data processor, supporting data controllers in fulfilling their GDPR obligations. We route direct inquiries from consumers and end-users to the respective data controllers for handling.

To align with GDPR, we establish Data Protection Agreements with relevant customers and third parties, ensuring robust processing and safeguards for EU personal data. Our standardized processes and technical capabilities aid our customers in responding to data subject requests. We meticulously select and monitor third-party vendor relationships with a risk-based approach.

For a detailed list of our subprocessors, or to learn more about our GDPR practices, contact us at hello@anec.app.

We address information security and data privacy through a holistic integration of people, processes, and technology. To validate the effectiveness of our internal security controls, we have engaged an independent auditor to assess our compliance with a specialized framework tailored for software-as-a-service (SaaS) providers.

Anecdote proudly holds a SOC 2 Type 2 report, confirming our alignment with the SOC 2 SSAE 18 standard. This report encapsulates our approach to information security management, risk assessment, board oversight, and third-party risks, among other guiding principles.

Our commitment to compliance is further fortified by hosting our services on Amazon Web Services (AWS). AWS operates state-of-the-art data centers built on innovative architectural and modern engineering approaches. These data centers have been validated for compliance against rigorous standards, regulations, and diverse frameworks. To learn more about AWS's compliance, see https://aws.amazon.com/compliance.

Privacy

Governance

CCPA

The California Consumer Privacy Act (CCPA), effective from January 1, 2020, sets new privacy rights for California consumers and obligations for covered businesses like ours. We have established processes to address consumer requests under CCPA, which encompass rights such as knowing what information is collected, obtaining copies of personal data, deletion of personal information, opting out of data sale, and equal service and pricing despite privacy choices. To learn more or request a Data Protection Agreement, reach out to abed@anec.app.

Security Governance

Information Security Program: Anecdote maintains a formal information security program, supported by written policies, approved by management, and communicated to our staff.

Security Leadership Committee: Oversight and approval for security and compliance initiatives are provided by our security leadership committee at the executive level.

Application & Product Security

Authentication: Single Sign-On (SSO) using G-Suite identity offers secure authentication for users. Strong encryption and hashing methods protect user passwords, while APIs communicate exclusively over encrypted channels, accessible only by verified users.

Access Controls: Our multitenant architecture enforces logical separation of customer data through access control mechanisms based on company, users, and roles. A meticulous system of access control lists, authentication, and authorization ensures data access solely for authorized users. Unique GUIDs grant customer accounts access according to assigned privileges.

Resilient & Secure Architecture

Redundant and Scalable Infrastructure: Our geographically distributed availability zones, hosted by Amazon Web Services, ensure the resilience and scalability of Anecdote's data and services. Scalable infrastructure supports high availability, network resources are isolated, and automated provisioning meets peak demands.

Encryption: We employ recommended secure cipher suites for end-to-end encryption, safeguarding data in transit and at rest. Strict key management protocols, including key rotation and limited access, ensure data protection.

Threat Monitoring: Our vigilant threat detection mechanisms and incident response process are poised to address potential network intrusions, system compromises, and breaches. Swift communication is maintained with stakeholders in the event of an incident.

Recovery Capabilities: Geographically distributed data replication, daily backups, and robust restoration procedures guarantee data continuity and recovery in the face of unexpected events.

Secure Build

Design & Build Practices: A well-defined Software Development Lifecycle (SDLC) policy guides our engineers, ensuring secure development practices, code evaluation, change management, and peer reviews.

Penetration Testing: Annual third-party penetration tests validate our security measures.

Personnel Practices

Recruitment & Selection Practices: Rigorous background verification and confidentiality agreements bolster our employee selection process.

Access Controls: Access to production systems is exclusive to authorized employees and is regularly reviewed for necessity.

For inquiries or security incidents, please reach out to hello@anec.app. Your trust is paramount, and we're dedicated to upholding the highest security standards to protect your data.

Anecdote, Inc is an entity registered in the United States with its address at 651 N Broad St, Suite 206 Middletown Delaware 19709.