Skip to main content

Security policy

This security policy is applicable from 2022, July 1st.

Security and Trust

Keeping your data safe and secure is paramount. We adopt industry standard design-led approaches to security at all levels from the way we design our software, its deployment, maintenance, monitoring and platform architecture, and operational standards. At all times you retain control over the data Corphedge has access to and the transactions that occur and at any time can request a deletion of all personal data.

Contact This email address is being protected from spambots. You need JavaScript enabled to view it. if you have any questions or feedback.

User processed data

CorpHedge is committed to the security of the data you process with us. To that end, we have created our systems from the ground up based on security and data protection best practices

We do not store the data that you load using our data integrations. At no time does your data ever enter a backup, except for a few access cases where third-party APIs do not provide access to historical data. We cache data for the time required for us to serve you in an efficient manner. In almost all cases, data remains in secure short-lived caches.

 

Website, account management, and purchases

All connections to any of our services, our web portal, our account management system, and any purchases you make are encrypted by default using industry-standard cryptographic protocols (TLS 1.2+).

Any attempt to connect over an unencrypted channel (HTTP) is redirected to an encrypted channel (HTTPS).

Our network security architecture consists of multiple security zones. We monitor and protect our network, to make sure no unauthorized access is performed using:

  • A virtual private cloud (VPC), a bastion host or VPN with network access control lists (ACL’s), and no public IP addresses.
  • A firewall that monitors and controls incoming and outgoing network traffic.
  • An Intrusion Detection and Prevention technologies (IDS/IPS) solution that monitors and blocks potential malicious packets.
  • A Web Application Firewall (WAF) to protect our applications, increase visibility, and secure code.
  • IP address filtering.

We also use Distributed Denial of Service (DDoS) mitigation services powered by an industry-leading solution.

Cloud Infrastructure

All of our services run in the cloud. We do not host or run our own routers, load balancers, DNS servers, or physical servers. Corphedge uses leading cloud providers to process your data. what have excellent compliance and regulatory audits including SOC 1/2-3, PCI-DSS, and ISO27001.

Company policies

CorpHedge requires that all employees comply with security policies designed to keep any and all client information safe, and address multiple security compliance standards, rules and regulations. We ensure that all employees are immediately trained on our security policies and at the very least annually conducted thereafter.

Two-factor authentication, VPNs, and strong password controls are required for administrative access to systems. All such policies are reviewed on a regular basis.

This security policy is applicable from 2022, July 1st.