SECURITY

Privacy at our core, with a comprehensive, holistic approach to cybersecurity and individual privacy

We go above and beyond when protecting your personal data.

Our approach for protecting your personal data

We continuously monitor and protect your personal data using up-to-date security principles and best practices in order to keep up with the pace of modern cybersecurity threats.

Regulatory Compliance & Audit
  • We maintain compliance with AICPA SOC 2 Type 2 requirements and have done so since 2021.
  • We conduct regular internal audits to ensure adherence to security policies and procedures.
  • We collaborate with external auditors to validate ongoing compliance and maintain certification.
  • We maintain privacy compliance with GDPR and consumer data security and privacy laws passed by US States.
Strong Data Protection
  • We implement encryption protocols to safeguard Personally Identifiable Information (PII) both in transit and at rest using 256-bit AES and TLS 1.2 encryption.
  • We implement and maintain strict access controls, multi-factor authentication (MFA), and role-based access to limit data exposure.
  • We regularly review and update data retention policies to ensure compliance and minimize data exposure.
Continuous Threat Monitoring
  • We implement advanced threat detection tools and intrusion prevention systems to monitor network traffic for anomalies.
  • We conduct real-time analysis of logs and alerts to identify potential security incidents promptly.
  • We use a Security Operations Center and a Managed Detection and Response platform to monitor and respond to threats, 24 hours a day.
Third-Party Risk Management
  • We perform thorough security assessments of third-party tools and services.
  • We ensure that all vendors adhere to industry best practices and maintain high security standards.
  • We regularly audit and monitor third-party access and interactions with sensitive data.
Secure Development Practices
  • We review security processes for the secure software development life cycle (SDLC) to ensure that security is built into every stage of the development process.
  • We conduct regular code reviews, vulnerability assessments, and penetration testing to identify and remediate potential weaknesses.
  • We increase security visibility into engineering projects to identify security gaps and strengthen secure code hygiene.
Employee Security Awareness Training
  • We conduct regular cybersecurity training for all employees to educate them about the latest threats, best practices, and security policies.
  • We foster a culture of security awareness, encouraging employees to report suspicious activities promptly.
  • We implement regular phishing simulations to enhance employees’ ability to identify and respond to social engineering attacks.
Incident Response Planning
  • We have developed and maintain a comprehensive incident response plan to address verified potential security breaches swiftly and effectively.
  • We conduct regular incident response drills and tabletop exercises to ensure readiness.
  • We are prepared to establish clear communication protocols with stakeholders and regulatory bodies in the event of any verified breach.
Data Backup and Disaster Recovery
  • We implement a robust data backup and disaster recovery strategy to ensure business continuity in case of data loss or system failure.
  • We regularly test and update the disaster recovery plan to reflect changes in our organization’s infrastructure.
Security Governance and Accountability
  • We have developed and maintain a comprehensive incident response plan to address verified potential security breaches swiftly and effectively.
  • We conduct regular incident response drills and tabletop exercises to ensure readiness.
  • We are prepared to establish clear communication protocols with stakeholders and regulatory bodies in the event of any verified breach.
Continuous Improvement & Adaptation
  • We regularly review and update our cybersecurity strategy to adapt to evolving threats and technological advancements.
  • We encourage a culture of continuous improvement by soliciting feedback from all stakeholders and incorporating lessons learned from security incidents.
  • We ensure consistent and updated communication of security and compliance updates to all of our teams.
  • Our security assessment procedures are well documented. Updates are reviewed regularly and communicated to all of our teams.

    and beyond…

    Security Controls Transparency

    At DeleteMe, we strongly uphold the principle of transparency in our security controls. We invite you to explore our TrustShare platform, where you can witness the active and real-time monitoring of our deployed security measures. The TrustShare platform provides continuous real-time oversight of all our integrated controls, which is the same system our auditors utilize for evaluating security and regulatory compliance.

    We extend access to our TrustShare platform to you as part of our dedication to establishing and effectively communicating the practices and controls within our security program. In alignment with our corporate mission, which is centered on restoring fairness, privacy, and control to personal data, we are equally committed to transparency regarding how we safeguard your data.

    If you have any questions, please reach out to our security team at security@joindeleteme.com

    DeleteMe maintains third-party compliance attestations for SOC 2 (Type 2) annually (since 2021). GDPR and US State Privacy Laws are continuously reviewed for compliance.

    Please report any security issues, including any discovered vulnerabilities with our website or service, to security@joindeleteme.com