Security and Compliance

We take our responsibility for the security of your users' address books very seriously.

We know your customers’ contacts are extremely important to you and your business, and we’re very protective of them. They never get saved to disk, ever. They stay in our server’s memory for a few minutes before getting deleted forever.

Physical Security

CloudSponge uses AWS for our hosting, and the security of the data center is handled by Amazon staff. AWS has world-class standards for their data center security.

Operational Security

AWS has a large list of certifications, including HIPAA, ISO 27001, and SOC 1, 2 and 3, amongst others. You can find out more here. CloudSponge utilises documented change-management procedures, and access to user data is limited on an as-needed basis. Our staff must review our security policies and procedures yearly, and agree to the policies listed within.

System and Software Security

We run a hardened OS, and critical security patches are applied as quickly as possible. Access to our servers is protected by strict security rules on an as-needed basis. No internet traffic is allowed to directly hit our servers. We utilise a WAF to mitigate common attacks, and any suspicious behaviour triggers an alert and is investigated immediately.

CloudSponge regularly tests our application looking for security vulnerabilities. Our software is kept up to date, and we employ multiple monitoring solutions to ensure the security of your data. Regular vulnerability assessments are performed, and any issues found are addressed in a timely fashion. Annual penetration tests are also performed to verify the security of our systems and software.

Employee Access

No CloudSponge employees ever access user data unless required for support reasons. Support staff may access your account info to facilitate any support issues. Support staff do not have direct access to address book information.

Maintaining Security

We have full-time staff to help identify and prevent new attack vectors. We always test new features in order to rule out potential attacks, such as XSS. We’re extremely concerned about and aware of security. We’re aware that your customers’ contact lists are very important and valuable, and we treat them as we would want our address books treated.

Credit Cards

Our payment processing is handled by Authorize.net and Chargify, which are PCI certified. We do not store any credit card information ourselves.

Contact Us

Have a question, concern, or comment about CloudSponge security? Please contact us; we’re happy to address any issues you might have.

Skyhigh CloudTrust™ Program

Skyhigh Networks performs objective and thorough evaluations of the enterprise-readiness of cloud services based on a detailed set of criteria developed in conjunction with the Cloud Security Alliance (CSA). Services designated as Skyhigh Enterprise-Ready are the services receiving the highest CloudTrust™ Ratings, which fully satisfy the most stringent requirements for data protection, identity verification, service security, business practices, and legal protection.