Updated March 9, 2022
This Security Statement applies to the products, services, websites and apps offered by 吃瓜不打烊., www.TrustScience.com USA Inc. and their affiliates (collectively 鈥湷怨喜淮蜢肉), which are branded as 鈥湷怨喜淮蜢,鈥 except where otherwise noted. We refer to those products, services, websites and apps collectively as the 鈥淪ervices鈥 in this Statement.
吃瓜不打烊 values the trust that our customers place in us by letting us act as custodians of their data. We take our responsibility to protect and secure your information seriously and strive for complete transparency around our security practices detailed below. Our聽聽also provides further details around the ways we handle your data.
吃瓜不打烊鈥檚 information systems and technical infrastructure are hosted with world-class, SOC 2 compliant cloud providers. Physical security controls at the data centers include 24×7 monitoring, cameras, visitor logs, and entry requirements.
吃瓜不打烊 is compliant with legislation that covers Credit Reporting Agencies in both Canada and the US and has received an annual Compliance Certificate to that effect from an independent analytics firm. 吃瓜不打烊 is SOC 2 Type II certified, customers under NDA may request a copy of the report by contacting us.
Access to 吃瓜不打烊鈥檚 technology resources are only permitted through secure connectivity (e.g., VPN, SSH) and requires multi-factor authentication. Our production password policy requires complexity, expiration, and lockout and disallows reuse. 吃瓜不打烊 grants access on a need to know basis of least privilege rules, reviews permissions quarterly, and revokes access immediately after employee termination.
吃瓜不打烊 maintains and regularly reviews and updates its information security policies, at least on an annual basis. Employees must acknowledge policies on an annual basis and undergo additional security awareness training and skills development and/or privacy law training for key job functions.
吃瓜不打烊 conducts background screening at the time of hire. In addition, 吃瓜不打烊 communicates its information security policies to all personnel (who must acknowledge this) and requires new employees to sign non-disclosure agreements, and provides ongoing privacy and security training.
吃瓜不打烊 also has a Cyber Security team which focuses on application, network, and system security. This team is also responsible for security compliance, education, and incident response.
吃瓜不打烊 maintains a documented vulnerability management program which includes periodic scans, identification, and remediation of security vulnerabilities on application and infrastructure. All networks, including test and production environments, are regularly scanned using trusted third party vendors. By leveraging world-class cloud service providers, critical patches are always applied to the 吃瓜不打烊 production and test environments.
We encrypt your data in transit using secure TLS cryptographic protocols. All client data is also encrypted at rest in all environments.
Our development team employs secure coding techniques and best practices. As part of ongoing security awareness training, developers are made aware of secure coding practices that must be followed in the development of 吃瓜不打烊 products.
Development, testing, and production environments are separated. All changes are peer reviewed and logged for performance, audit, and forensic purposes prior to deployment into the production environment.
吃瓜不打烊 maintains an asset management policy which includes identification, classification, retention, and disposal of information and assets. Company-issued devices are equipped with full hard disk encryption and up-to-date antivirus software.
吃瓜不打烊 maintains security incident response policies and procedures covering the initial response, investigation, customer notification (no less than as required by applicable law), public communication, and remediation. These policies are reviewed regularly and tested bi-annually
Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if 吃瓜不打烊 learns of a security breach, we will notify affected users so that they can take appropriate protective steps. We are committed to keeping our customers fully informed of any matters relevant to the security of their account and to providing customers all information necessary for them to meet their own regulatory reporting obligations.
To maximize availability, the 吃瓜不打烊 Services are hosted from enterprise-class data centers managed by public cloud providers. This infrastructure is divided into 鈥楢vailability Zones鈥 or AZ. Availability Zones are connected to automatically fail-over between Availability Zones without interruption. Highly resilient systems, and therefore service availability, is a function of the system design. Through the use of Availability Zones and data replication, 吃瓜不打烊 can achieve extremely short recovery time and recovery point objectives, as well as the highest levels of service availability.
Application and infrastructure systems log information to managed log repositories for troubleshooting, security reviews, and analysis by authorized 吃瓜不打烊 personnel.
Keeping your data secure also requires that you maintain the security of your account and API keys by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems. We also offer TLS and SFTP to secure the transmission of data.
To reach 吃瓜不打烊鈥檚 Security and Privacy Officer:
Email: [email protected]
Toll-free: + 1 (866) 687-8789
吃瓜不打烊庐 is a member of the American Financial Services Association (AFSA), the Canadian Lenders Association (CLA), the National Automotive Finance Association (NAF), The Online Lenders Alliance (OLA) and the Texas Consumer Finance Association (TCFA).
吃瓜不打烊庐 is committed to Fair Credit Reporting Act (FCRA) compliance and helping you protect and understand your consumer profile. For more information, please see our Consumer Disclosure Page.
吃瓜不打烊庐, Credit Bureau 2.0庐 and Troo庐 are trademarks that are legally registered to www.TrustScience.com Inc. by the U.S. Patent & Trademark Office.
Credit Bureau+鈩, 厂颈虫掳厂肠辞谤别鈩, Smart Consent鈩, Hidden Prime鈩, Invisible Prime鈩, Credit Bureau 3.0鈩, Credit Bureau 4.0鈩, Personal Credit Bureau鈩, Personal Data Vault鈩, Auto 厂颈虫掳厂肠辞谤别鈩, Auto Bureau鈩, Auto Credit Bureau鈩, Rating Agency 2.0鈩, Cashflow Bureau鈩, One Touch Lending鈩, Lead to Loan鈩, Lender in the Cloud鈩, Fl掳wbuilder鈩, Fl掳wbuilder鈩, FCRA-Compliant Insights From Lead to Loan鈩, Go Beyond the Bureau鈩, Fixing the Credit Catch-22鈩, Find Invisible Primes鈩, and Helping Lenders Find Great Borrowers鈩 are trademarks of www.TrustScience.com Inc.
