The security of your customer data is of paramount concern to us.
Data is an essential part of our business. Even more essential, though, is trust. When it comes to information security, we must continually earn that trust–in the security of our systems and applications, and our ability to protect your data. So we dedicate significant time and resources to security, both during development to ensure we deploy inherently secure solutions, and in our ongoing operations to safeguard against vulnerabilities.
Key Security Features
World-Class Data Centers
Harmonize.Ai's server infrastructure is hosted on Google Cloud. GCP's compliance program is designed to follow international security standards and regulations, while protecting confidentiality and data privacy. Data centers provide the necessary means to operate 24 x 7 and protect data from physical damage and network issues.
When you access Harmonize.Ai, SSL technology protects your information using both server authentication and data encryption in transit. We use TLS with up to 256 AES encryption if supported by the client. Data at rest is protected by FIPS140-2 standards compliant encryption. Backups are encrypted with AES-256. Passwords are never stored as clear text; they are always hashed and salted securely.
This covers the physical and environmental security of servers and data centers, as well as technical security of the network, resources and systems. We work with trusted service partners to provide enterprise-level security to host and maintain our servers, data storage and related technology services.
Our partners’ hosting environment and data centers include the following accreditations:
- ISO 27001
- SOC 1 & SOC 2 / SSAE 16
- PCI Level 1
- FISMA Moderate
Securing the application layer is a serious commitment, involving for example:
- evaluation and selection of technology frameworks for inherent security;
- following a rigorous software development lifecycle;
- using specialized tools for health monitoring and tracking;
- adopting a security mindset in architecture and system design;
- conducting regular vulnerability assessments.
In addition to utilizing a secure hosting environment, data while processed and stored on our platform is encrypted with TLS/SSL protocols when in transit, and block-level storage encryption when at rest.
We fully believe personal data should be kept private and used only for the specific purposes for which it was collected. We've embraced the‘Privacy by Design’ principles advocated by the European Union's General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). We also engage with and stay up to date on new policies and general best practices for Qualitative Research data and ethical social science.
Data privacy compliance
In addition to fully adhering to international regulations like the GDPR standard, we've also adopted the same approaches within our platform, where clients benefit from several tools and features to help with GDPR compliance, including:
- Built-in data classification models
- Your own data retention policy mechanism
- Tools for data access and rectification
- User authentication & permission controls
- Plain language privacy statement
- Security audit logs
If you have any concerns, wish to report an incident, or for general security questions, please contact us here.