What data security practices are in place at Source Medium?

What data security practices are in place at Source Medium? 🔐

Data security and privacy is our #1 priority, so we make sure that:

  • all PII (personally identifiable information) is hashed / encrypted in transit and at rest (in secure warehouse— US-based)
  • PII is not revealed by default in the dashboard— exceptions can be made on a case-by-case basis
  • access to the dashboard is controlled by designated managers on your team
  • only internal R&D team members from Source Medium have access to customer datasets; external R&D contractors have access to obfuscated (hashed) datasets
  • we only use data ingestion solutions that do not copy data
  • we deploy and follow policies and procedures to detect, respond to, and otherwise address security incidents including procedures to (i) identify and respond to reasonably suspected or known Security Incidents, mitigate harmful effects of Security Incidents, document security incidents and their outcomes, and (ii) restore the availability or access to Customer Personal Data in a timely manner
  • we provide written notice without undue delay (but in no event longer than twenty-four (24) hours) to customer if we reasonably suspect that a security incident has taken place. Such notice will include all available details required under Data Protection Laws for customer to comply with its own notification obligations to regulatory authorities or individuals affected by the security incident

Questions? Reach out on Slack or support@sourcemedium.com