Built-in security measures
Canditech’s Compliance OS is designed to prioritize security and protection at all times. To achieve this, we have implemented a range of measures and best practices for encryption. We also regularly monitor our infrastructure and applications and conduct penetration testing at least once a year to ensure the security and integrity of our platform.
Protecting your data stored in the cloud
We understand the importance of protecting data and take every measure to ensure the security and compliance of our platform. Our web servers are equipped with strong encryption protocols, and all data is encrypted both in transit and at rest. Additionally, we only work with partners who uphold the same high standards of security and compliance, such as Amazon Web Services and Microsoft.
Transparency and privacy are key
At Canditech, we believe that client data belongs to the client, and we do everything in our power to ensure that it stays that way. We are committed to transparency and will always be open and honest about how we use and protect your data.
Compliance and certificates
- ISO/IEC 27001:2013, which is the most rigorous global security standard for Information Security Management Systems (ISMS)
- GDPR: General Data Protection Regulation, for the success of our clients and the protection of their personal data.
- AWS: Canditech is an APN Advanced Technology Partner and a part of the APN Global Startup Program.
FAQs
How does Canditech secure its users’ access to Canditech?
Canditech can be accessed through a variety of authentication methods, including:
- Using a username (typically an email address) and password.
- Utilizing external identity providers such as Google SSO (available for Pro and Enterprise clients), or Okta, OneLogin, Azure AD, and custom SAML 2.0 (available for Enterprise clients).
Does Canditech support various password configuration policies?
Administrators can choose from two password-strength settings for their accounts:
- Default – a minimum of 8 characters.
- Strong – a minimum of 8 characters with at least one digit, one lowercase letter, one uppercase letter, and one symbol.
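As an added illustration, not Canditech's own code, the following Python checker implements the two settings above; what counts as a "symbol" is not defined on this page, so the example assumes ASCII punctuation.

```python
import string

# Added example, not Canditech's own code. Implements the two password-strength
# settings described above. "Symbol" is assumed (not defined on the page) to mean
# an ASCII punctuation character.
SYMBOLS = set(string.punctuation)


def meets_default_policy(password: str) -> bool:
    """Default setting: a minimum of 8 characters."""
    return len(password) >= 8


def missing_strong_requirements(password: str) -> list[str]:
    """Return the Strong-setting requirements the password fails (empty if it passes).

    Strong: a minimum of 8 characters with at least one digit, one lowercase
    letter, one uppercase letter, and one symbol.
    """
    checks = [
        ("at least 8 characters", len(password) >= 8),
        ("a digit", any(c.isdigit() for c in password)),
        ("a lowercase letter", any(c.islower() for c in password)),
        ("an uppercase letter", any(c.isupper() for c in password)),
        ("a symbol", any(c in SYMBOLS for c in password)),
    ]
    return [name for name, ok in checks if not ok]


def meets_strong_policy(password: str) -> bool:
    """Strong setting: every requirement listed above is satisfied."""
    return not missing_strong_requirements(password)


if __name__ == "__main__":
    # Constructed sample inputs: one that only clears Default, one that clears Strong.
    for candidate in ("abcdefgh", "Abcdef1!"):
        print(candidate, "default:", meets_default_policy(candidate),
              "strong:", meets_strong_policy(candidate),
              "missing:", missing_strong_requirements(candidate))
```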
Is Canditech’s clients’ data encrypted? What methodologies are used to encrypt data?
Canditech uses various methods to encrypt client data, including:
- AES-256 encryption for data at rest.
- TLS 1.3 (or a minimum of TLS 1.2) encryption for data in transit across open networks.
- Hashing and salting for user passwords.
Is Canditech PCI-DSS compliant?
Canditech employs the services of a third-party billing processor certified for PCI-DSS compliance, ensuring that all credit card payments processed through our billing system meet PCI-DSS requirements. PCI-DSS data is not stored in our system, and we are not required to hold a PCI-DSS certification.
Where are Canditech’s data centers located?
Canditech is a cloud-based service hosted on Amazon Web Services infrastructure in Northern Virginia, spanning multiple Availability Zones, with a disaster recovery site located in a different region. Enterprise plan customers have the option to host their data in our EU data center located in Frankfurt, Germany, which utilizes advanced physical and environmental security measures for highly resilient infrastructure. Additional information about our security practices can be found on the AWS security page.
Does Canditech have dedicated security personnel?
Yes, our security efforts are overseen by our CISO and Security Team and guided by a larger Security Forum consisting of representatives from various teams such as infrastructure, R&D, operations, legal, and IT.
Does Canditech have a Data Processing Agreement to cover GDPR requirements?
Yes, Canditech has a DPA.