Data Protection and Security
Security and privacy of our customers’ data is our number one priority. Spin.AI is committed to ensuring that our security and privacy controls meet or exceed security best practices and regulatory requirements.
Security
Secure Cloud Ecosystem
Spin.AI works only with the world’s top cloud services providers for storing and processing customer data. At the time of registration with the Spin.AI application services, customers can choose which cloud services provider to use for their data backups. Our cloud services provider partners are:
Amazon Web Services (AWS);
Microsoft Azure;
Google Cloud Platform (GCP).
In addition to the cloud provider choice, Spin.AI customers select a geographical region where their data will be stored. Once selected, your data always remains in that region to ensure compliance with any international data transfer restrictions.
Data Security
Your backed-up data always remains encrypted while at rest and when transmitted. We use only the latest versions of secure algorithms and protocols such as TLS 1.3 for data transmissions and AES-256 for the stored data encryption. To provide even more protection from a potential data breach, we took the security of stored data to the next level. Instead of implementing encryption at the storage level, we encrypt each backed-up data object (email, document, contact, etc.) with a unique encryption key. This means that even our engineers don’t have access to your data, and a single key compromise would only allow access to a single object.
Access Control
Physical access security is provided by the best-in-class data centers maintained by our cloud infrastructure partners (AWS, Azure, and GCP). Spin.AI uses strict logical access controls including strong passwords, multi-factor authentication, and deny-by-default network and system access. All cloud-hosted system components are only accessible through a bastion host over a secure remote Virtual Private Network (VPN).
Service Level Agreement
Spin’s backup and restore capability, when used in SaaS mode and managed by Spin.AI, guarantees a 99.9% SLA and 99.9% success for your backups. That means your data should always be accessible and properly backed up.
Compliance
While Spin.AI does not have direct access to customers’ data, we are committed to supporting our customers’ regulatory, legal, and contractual requirements. Spin.AI conducts periodic compliance assessments to ensure compliance with the following regulations:
1. The General Data Protection Regulation (GDPR)
2. The Health Insurance Portability and Accountability Act (HIPAA)
3. The California Consumer Privacy Act (CCPA)
4. The Payment Card Industry Data Security Standard (PCI-DSS)
Any identified compliance gaps are documented, reported to the Security Council, and monitored until addressed.
To support our customers’ compliance requirements, Spin.AI signs Business Associate Agreements (BAA) and Data Processing Addenda (DPA) when necessary.
Assurance
SOC 2 Type II
To assure our customers of the effectiveness of Spin’s controls implemented to protect customers’ data, Spin.AI undergoes a SOC 2 Type II audit and issues the audit report on an annual basis. The report is available to our existing and potential customers upon a formal request and signing of a Non-Disclosure Agreement (NDA). Please contact our Support Team or your sales point of contact to request a copy of the report.
Data Privacy Framework
Spin.AI is certified under the EU-U.S./UK-U.S./Swiss-U.S. Data Privacy Frameworks. The EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework were developed to facilitate transatlantic commerce by providing U.S. organizations with reliable mechanisms for personal data transfers to the United States from the European Union / European Economic Area, the United Kingdom (and Gibraltar), and Switzerland that are consistent with EU, UK, and Swiss law.
Cloud Security Alliance (CSA)
The Cloud Security Alliance (CSA) runs the most recognized cloud service provider certification program, the CSA Security, Trust & Assurance Registry (STAR). Spin’s Consensus Assessment Initiative Questionnaire (CAIQ) is published in the CSA STAR registry.