Captivated is committed to controlling security risks and protecting customers. Our team employs coordinated strategies to ensure data security is prioritized.
Captivated’s data is encrypted in transit and at rest. All HTTP traffic is encrypted using Secure Socket Layer (SSL) connections, and traffic is only accepted on port 443. Captivated’s SSL status can be verified here. All data and associated keys stored at rest in our databases are encrypted using the industry-standard AES-256 algorithm. Static files, such as images and other documents, are persisted using AWS S3 storage and encrypted before being stored.
Secure Cloud Infrastructure
All application traffic is proxied through Cloudflare using a Full (strict) SSL/TLS end-to-end encrypted connection, utilizing origin certificates to ensure non-repudiation of the application’s source. All of Captivated’s application and database storage is safely contained within Amazon Web Services’ (AWS) infrastructure, which is accredited by ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II), and PCI Level 1. Click here for information about AWS security.
Continuous Security Monitoring
Captivated continuously monitors its infrastructure-as-a-service (IAAS), software-as-a-service (SAAS) environments, and web application to detect potential security incidents in real time. Our staff quickly responds to security alerts using the U.S. Department of Energy’s six-step process for incident handling.
Captivated employees must be explicitly authorized to access company information systems before access is permitted. Access is strictly provisioned according to job function and is removed upon a change in job function or termination. Multifactor authentication is enforced for all Captivated’s employees and all employees and contractors are subject to our Security Policy.
Captivated is using Vanta.com for our compliance review and audit process. We will publish the our SOC-2, HIPAA, and CCPA compliance reports upon completion.
Captivated provides extensive security training as required through Vanta. It also performs thorough background checks on all new employees to ensure that customer data is handled with care.