Our Commitment To Your Security
At Captivated, we take your data and privacy seriously. We are committed to controlling security risks and protecting customers. Our team employs coordinated strategies to ensure data security is prioritized; from end-to-end encryption and other security-oriented features, to enforcing ongoing security practices for your protection, we keep compliance at the forefront of our data operations.
Whether you’re working with customers in your medical practice, handling personal financial data and investments, or serving your community in a domestic violence shelter, we are prepared to equip your organization with the secure protection you need.
Unmatched security - with the compliance certifications to prove it:
![](https://captivated.works/wp-content/uploads/2023/09/Compliance-Badges-SOC-2-1.png)
![Badge of certification for CCPA (California Consumer Protection Act) compliance which verifies protection of personal consumer data](https://captivated.works/wp-content/uploads/2023/09/Compliance-Badges-CCPA.png)
![Seal of compliance for HIPAA (Health Insurance Portability and Accountability Act) privacy communication practices](https://captivated.works/wp-content/uploads/2023/09/Compliance-Badges-HIPAA.png)
More on how we're keeping you and your customers safe:
Encryption
Captivated’s data is encrypted in transit and at rest. All HTTP traffic is encrypted using Secure Socket Layer (SSL) connections, and traffic is only accepted on port 443. Captivated’s SSL status can be verified here. All data and associated keys stored at rest in our databases are encrypted using the industry-standard AES-256 algorithm. Static files, such as images and other documents, are persisted using AWS S3 storage and encrypted before being stored.
![Financial advisor scheduling private investment consultation through encrypted scheduling and form collection tool](https://captivated.works/wp-content/uploads/2023/09/Screen-Shot-2023-09-15-at-1.22.45-PM-1024x682.png)
Secure Cloud Infrastructure
All application traffic is proxied through Cloudflare using a Full (strict) SSL/TLS end-to-end encrypted connection, utilizing origin certificates to ensure non-repudiation of the application’s source. All of Captivated’s application and database storage is safely contained within Amazon Web Services’ (AWS) infrastructure, which is accredited by ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II), and PCI Level 1. More information about AWS security can be found here.
![Secure data cloud infrastructure](https://captivated.works/wp-content/uploads/2023/09/Screen-Shot-2023-09-15-at-1.48.12-PM-1024x751.png)
Access Controls
Captivated employees must be explicitly authorized to access company information systems before access is permitted. Access is strictly provisioned according to job function and is removed upon a change in job function or termination. Multifactor authentication is enforced for all Captivated’s employees and all employees and contractors are subject to our Security Policies.
![Captivated employee access controls for customer account data protection](https://captivated.works/wp-content/uploads/2023/09/Screen-Shot-2023-09-15-at-2.16.40-PM-1024x714.png)
Continuous Security Monitoring
Captivated continuously monitors its infrastructure-as-a-service (IAAS), software-as-a-service (SAAS) environments, and web application to detect potential security incidents in real time. Our staff quickly responds to security alerts using the U.S. Department of Energy’s six-step process for incident handling.
![Continuous security monitoring on app and software data at all times within the Captivated system](https://captivated.works/wp-content/uploads/2023/09/Screen-Shot-2023-09-15-at-2.05.23-PM-1024x795.png)
Staff Security Training
Captivated provides extensive security training as required through Vanta. It also performs thorough background checks on all new employees to ensure that customer data is handled with care.
![Captivated staff undergoes significant security training through Vanta and internal processes](https://captivated.works/wp-content/uploads/2023/09/Screen-Shot-2023-09-15-at-3.05.02-PM-1024x712.png)
Third Party Testing
Captivated is using Vanta.com for our compliance review and audit process. We will publish our SOC-2, HIPAA, and CCPA compliance reports upon completion.
![Third party testing for regulatory compliance and certification](https://captivated.works/wp-content/uploads/2023/09/Screen-Shot-2023-09-15-at-2.23.07-PM-1024x783.png)
Additional Security Resources
Check out our guide to enabling or setting up multi-factor authentication within Captivated
Learn how to set and manage user Admin Roles within your company’s account in Captivated
Read our legal disclosures and official privacy terms document to get a full understanding of our practices