For Iterate customers, Iterate is a “service provider” under the CCPA. We process personal information only on behalf of our customers. The personal information that's collected is under the complete control of the customer, based on what questions they choose to ask. We collect and store that data only for the purpose of providing our services to the customer, and we do not sell that information to third parties.
Iterate is self-certified under the US & Swiss Privacy Shield frameworks.
We are committed to the principles inherent to the GDPR and particularly the concepts of privacy by design, the right to be forgotten, and data consent. Iterate customers are in complete control of what user data they collect based on the questions they choose to ask. We provide tools for customers to delete their data as well as customer data, and provide APIs to automate this process.
All user data is encrypted at rest.
All user data is encrypted in transit via HTTPS/TLS.
Customer passwords are hashed using bcrypt and include a per-user salt.
Data is stored across a cluster of servers ensuring high availability and uptime.
Application servers are dynamically added based on load and constantly monitored and replaced in the event of a loss of availability.
All full-time employees are subject to background checks.
Security is built into our engineering process from the start. All full-time employees are trained on our privacy and security best practices. All code is peer-reviewed and audited to ensure it is secure, and we're constantly monitoring for new risk mitigation strategies.
All employee workstations are password protected and have disk encryption enabled.
Employee access is limited to the minimum amount of access needed to perform their job.
All user data is backed up and retained for 30 days.
Iterate offers financial compensation for self-reported bugs and vulnerabilities, subject to the discretion of our security team based on the severity of the issue.