Our Commitment To Your Security
At Captivated, we take your data and privacy seriously. We are committed to controlling security risks and protecting customers. Our team employs coordinated strategies to ensure data security is prioritized; from end-to-end encryption and other security-oriented features, to enforcing ongoing security practices for your protection, we keep compliance at the forefront of our data operations.
Whether you’re working with customers in your medical practice, handling personal financial data and investments, or serving your community in a domestic violence shelter, we are prepared to equip your organization with the secure protection you need.
Unmatched security - with the compliance certifications to prove it:
More on how we're keeping you and your customers safe:
Encryption
Captivated’s data is encrypted in transit and at rest. All HTTP traffic is encrypted using Secure Sockets Layer (SSL) connections, and traffic is only accepted on port 443. Captivated’s SSL status can be verified here. All data and associated keys stored at rest in our databases are encrypted using the industry-standard AES-256 algorithm. Static files, such as images and other documents, are persisted using AWS S3 storage and encrypted before being stored.
Secure Cloud Infrastructure
All application traffic is proxied through Cloudflare using a Full (strict) SSL/TLS end-to-end encrypted connection, utilizing origin certificates to ensure non-repudiation of the application’s source. All of Captivated’s application and database storage is safely contained within Amazon Web Services’ (AWS) infrastructure, which is accredited by ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II), and PCI Level 1. More information about AWS security can be found here.
Access Controls
Captivated employees must be explicitly authorized to access company information systems before access is permitted. Access is strictly provisioned according to job function and is removed upon a change in job function or termination. Multifactor authentication is enforced for all of Captivated’s employees, and all employees and contractors are subject to our Security Policies.
Continuous Security Monitoring
Captivated continuously monitors its infrastructure-as-a-service (IaaS) and software-as-a-service (SaaS) environments, as well as its web application, to detect potential security incidents in real time. Our staff quickly responds to security alerts using the U.S. Department of Energy’s six-step process for incident handling.
Staff Security Training
Captivated provides extensive security training as required through Vanta. It also performs thorough background checks on all new employees to ensure that customer data is handled with care.
Third Party Testing
Captivated is using Vanta.com for our compliance review and audit process. We will publish our SOC 2, HIPAA, and CCPA compliance reports upon completion.
Additional Security Resources
Check out our guide to enabling or setting up multi-factor authentication within Captivated
Learn how to set and manage user Admin Roles within your company’s account in Captivated
Read our legal disclosures and official privacy terms document to get a full understanding of our practices