Security at Datature

Is Datature SOC2 compliant?

Datature is SOC2 Type 2 compliant. This is an important security policy when handling sensitive customer data.

Access our SOC2 report by contacting us at security@datature.io.

Is Datature HIPAA compliant?

Datature is HIPAA compliant. You can store Protected Health Information (PHI) on our hosted platform once you enter into a Business Associate Agreement (BAA) with us.

Sign our BAA by contacting us at security@datature.io.

How is my data protected?

All customer data is encrypted at rest and in transit. Sensitive information like access tokens and keys is encrypted at the application level before it is stored in the database.

How often does Datature back up data?

All customer databases are backed up regularly, with intervals as frequent as every 12 hours.

How does Datature process payments?

Datature uses Stripe to process payments and does not store personal credit card information for any of our customers.

Stripe is a certified PCI Service Provider Level 1, which is the highest level of certification in the payments industry.

How does Datature manage vulnerabilities?

At Datature, we regularly test our infrastructure for vulnerabilities. Our security teams conduct scans, penetration tests, and red team exercises to identify potential issues. We also engage top industry experts for third-party assessments, addressing their findings promptly.

Additionally, we use Vanta to track and manage vulnerabilities within our compliance frameworks, ensuring timely resolution.

How does Datature protect against Distributed Denial of Service (DDoS) attacks?

Datature combats DDoS attacks in several ways to mitigate resource abuse and prevent runaway bills.

In addition to protection at the CDN level via Cloudflare, we employ fail2ban to prevent brute force logins.