World-class security
Data plays an important role in making the products and services we use more helpful. We are committed to industry-leading security standards and responsible data practices.
Our Security Principles
In addition to our certifications and attestations, we strictly adhere to standards from the National Institute of Standards and Technology (NIST), Center for Internet Security (CIS) and International Organization for Standardization (ISO).
This Security Center provides details on the security principles, data privacy policies, and compliance practices that guide the development of our data products from design.
Confidentiality
All information is encrypted at rest in and in transit. Our data union is equipped with FIPS 140-2 Compliant Algorithms for encryption and 24 x 7 monitoring for vulnerabilities and malware. We systematically limit internal access to critical tools and resources using time-based access.
Integrity
We safeguard all data against improper modification and ensure the information has not been modified or deleted in an unauthorized and undetected manner.
Availability
Our data is available across multiple availability zones and backup across regions. We employ auto scaling techniques to ensure we have the maximum performance and availability for our customers.
Certifications and attestations
We maintain a comprehensive suite of certifications and attestations to further demonstrate our commitment to security and privacy.
SOC 2 Type 2
»We are compliant with SOC 2 Type 2 as defined by the American Institute of Certified Public Accountants (AICPA).
ISO 27001
»We are compliant with ISO 27001, the international gold standard for information security management systems (ISMS) and their requirements.
Data Encryption
People Data Labs uses several methods to ensure our data is secure and to prevent unauthorized access. To secure our platform, People Data Labs follows a continuous monitoring program. We follow this program through the development of proactive and detective capabilities. Our Incident Response Policy assesses the threat of security incidents and establishes a plan to mitigate the problem, ensuring that even in the event of a breach, our data is secure.
Monitoring Data Systems
Our customer data and infrastructure are monitored and secure. People Data Labs leverages AWS and Elastic Cloud data centers for our customer data and production systems. AWS follows industry best practices and follows strict standards for monitoring access to People Data Labs data. For more information on AWS Data Center Physical Security, see their physical security whitepaper.
Incident Event Management
As stated in our internal Business Continuity and Disaster Recovery Plan, People Data Labs conducts penetration tests on external networks quarterly. AWS is designed to dynamically deploy applications within the cloud, monitor for failures, and recover failed platform components.Backup files are stored redundantly across multiple availability zones and are encrypted. For major events, we will notify affected people within 24 hours of a determination.
Data Recovery
People Data Labs data is distributed across two of the AWS availability zones. We currently use the Oregon and Northern California locations. This posture allows for a more stable infrastructure with redundant servers. The platform has built-in mechanisms to detect non-operating or operating in a degraded state. It will automatically scale within the alternate zone to ensure that services remain available and responsive.
Operations Management
All code changes and application updates to our data systems are reviewed for security issues before us. People Data Labs separates development, testing, storing, and production environments in different engineering segments.
Monitoring
All People Data Labs’ owned servers have quarterly security updates, and intrusion detection systems monitor for all possible security incidents.
