Sagetap Security Practices

Applications and infrastructure

All of Sagetap’s servers are hosted by Amazon Web Services (AWS) in the United States. All components that process user data operate within AWS data centers. Only a small number of Sagetap’s servers, protected behind load balancers and a firewall, are accessible from the Internet.

Data encryption

Connections between the client apps and the backend infrastructure are protected by up-to-date encryption protocols (including SSL/TLS 1.2) while maintaining compatibility with the cipher suites the client supports. All databases, data storage, and backups are encrypted at rest using AES-256.

Organizational and information security

Sagetap follows best practices handling Personally Identifiable Information (PII) with guidance following the California Consumer Privacy Act (CCPA). Sagetap never stores credit card information.

Employees are restricted to handle data required to perform their job. Our staff is trained on proper use of our systems and best practices for security & privacy. All employees have completed background checks and have signed confidentiality agreements.

Security for team administration

In addition to the security we’ve built at an infrastructure level, we also provide administration features to our paid Sagetap client teams. These features allow administrators to manage their teams and include capabilities to create, transfer, or revoke access as needed.

Product security

Sagetap uses secure, industry-leading services to manage roles and access policies, certificates, encryption keys and secrets, firewalls, network access lists, and log collection and monitoring.

We automatically scan our applications and libraries for known vulnerabilities and apply fixes promptly.

Employee practices

Sagetap’s administration platform uses role-based access control to ensure that employees only have access to the data that they require for their job. We regularly review employees’ access to the systems that hold or process customer data and revoke access for employees who no longer require it to do their work.

Customer data policy

Sagetap does not sell or rent users’ personal data to advertisers or to other third parties to enable them to deliver advertisements. For more information, please review our Privacy Policy.

Sagetap has a set of policies and technical controls that prevent employees from accessing customer data that is stored or processed by Sagetap systems. Where appropriate, Sagetap uses private keys and restricts network access to particular employees.

Sagetap does not track any of its users on third-party sites, nor do we allow third parties to do so.

Compliance

SageTap complies with the EU General Data Protection Regulation (GDPR) and the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. For more details, see SageTap’s Privacy Policy.

Third-party vendors

Before using a third-party vendor, Sagetap carefully evaluates the vendor's security practices. Sagetap removes personal information from third-party systems if it is no longer needed or if a user requests account deletion.

Ready to sign up for Sagetap?


Request a Demo

Are you a vendor looking to battle-test your product strategies? Request a demo and we'll show you how it works


Request to Join

To request access, tell us more about yourself