Data Protection and Security
Security and privacy of our customers’ data is our number one priority. Spin Technology is committed to ensuring that our security and privacy controls meet or exceed security best practices and regulatory requirements.
Secure Cloud Ecosystem
Spin works only with the world’s top cloud service providers for storing and processing customer data. When registering for the Spin application services, customers can choose which cloud service provider to use for their data backups. Our cloud service provider partners are:
Amazon Web Services (AWS);
Google Cloud Platform (GCP).
In addition to the cloud provider choice, Spin customers select a geographical region where their data will be stored. Once selected, your data always remains in that region to ensure compliance with any international data transfer restrictions.
Your backed-up data always remains encrypted while at rest and when transmitted. We use only the latest versions of secure algorithms and protocols such as TLS 1.3 for data transmissions and AES-256 for the stored data encryption. To provide even more protection from a potential data breach, we took the security of stored data to the next level. Instead of implementing encryption at the storage level, we encrypt each backed-up data object (email, document, contact, etc.) with a unique encryption key. This means that even our engineers don’t have access to your data, and a single key compromise would only allow access to a single object.
Physical access security is provided by the best-in-class data centers maintained by our cloud infrastructure partners (AWS, Azure, and GCP). Spin uses strict logical access controls including strong passwords, multi-factor authentication, and deny-by-default network and system access. All cloud-hosted system components are only accessible through a bastion host over a secure remote Virtual Private Network (VPN).
Service Level Agreement
Spin’s backup and restore capability, when used in SaaS mode and managed by Spin, guarantees a 99.9% SLA and 99.9% success for your backups. That means your data should always be accessible and properly backed up.
While Spin does not have direct access to customers’ data, we are committed to supporting our customers’ regulatory, legal, and contractual requirements. Spin conducts periodic compliance assessments to ensure compliance with the following regulations:
1. The General Data Protection Regulation (GDPR)
2. The Health Insurance Portability and Accountability Act (HIPAA)
3. The California Consumer Privacy Act (CCPA)
4. The Payment Card Industry Data Security Standard (PCI-DSS)
Any identified compliance gaps are documented, reported to the Security Council, and monitored until addressed.
To support our customers’ compliance requirements, Spin signs Business Associate Agreements (BAAs) and Data Processing Addenda (DPAs) when necessary.
SOC 2 Type II
To assure our customers of the effectiveness of Spin’s controls implemented to protect customers’ data, Spin undergoes a SOC 2 Type II audit and issues the audit report on an annual basis. The report is available to our existing and potential customers upon a formal request and signing of a Non-Disclosure Agreement (NDA). Please contact our Support Team or your sales point of contact to request a copy of the report.
Spin is certified under the EU-US Privacy Shield, and our certification can be validated at the Privacy Shield website:
Although the Court of Justice of the European Union issued a judgment in July 2020 declaring the European Commission Decision 2016/1250 as invalid (on the adequacy of the protection provided by the EU-US Privacy Shield), this decision does not relieve participants in the EU-US Privacy Shield of their obligations under the framework, and Spin maintains its Privacy Shield certification.