All of Sagetap’s servers are hosted by Amazon Web Services (AWS) in the United States. All components that process user data operate within AWS data centers. Only a small number of Sagetap’s servers, protected behind load balancers and a firewall, are accessible from the Internet.
Connections between the client apps and the backend infrastructure are protected by up-to-date encryption protocols (including SSL/TLS 1.2) while maintaining compatibility with the cipher suites the client supports. All databases, data storage, and backups are encrypted at rest using AES-256.
Sagetap follows best practices handling Personally Identifiable Information (PII) with guidance following the California Consumer Privacy Act (CCPA). Sagetap never stores credit card information.
Employees are restricted to handle data required to perform their job. Our staff is trained on proper use of our systems and best practices for security & privacy. All employees have completed background checks and have signed confidentiality agreements.
In addition to the security we’ve built at an infrastructure level, we also provide administration features to our paid Sagetap client teams. These features allow administrators to manage their teams and include capabilities to create, transfer, or revoke access as needed.
Sagetap uses secure, industry-leading services to manage roles and access policies, certificates, encryption keys and secrets, firewalls, network access lists, and log collection and monitoring.
We automatically scan our applications and libraries for known vulnerabilities and apply fixes promptly.
Sagetap’s administration platform uses role-based access control to ensure that employees only have access to the data that they require for their job. We regularly review employees’ access to the systems that hold or process customer data and revoke access for employees who no longer require it to do their work.
Sagetap has a set of policies and technical controls that prevent employees from accessing customer data that is stored or processed by Sagetap systems. Where appropriate, Sagetap uses private keys and restricts network access to particular employees.
Sagetap does not track any of its users on third-party sites, nor do we allow third parties to do so.
Before using a third-party vendor, Sagetap carefully evaluates the vendor's security practices. Sagetap removes personal information from third-party systems if it is no longer needed or if a user requests account deletion.