Security - The Foundation of Trust

At Anecdotes, ensuring the optimal security of data is at the core of our mission. With strong roots in information security and compliance, we continually strive to implement the highest-level security processes and practices across all business units.

Our security practices are based on industry-leading standards and are audited annually. Our security framework includes policies and procedures, application and data security, cloud and infrastructure security, endpoint security, and incident response.
Below, we detail the steps and procedures we take to keep our data, and that of our customers, safe and secure at all times.

Application & Data Security

Penetration Testing

We conduct penetration tests using external vendors at least once every 12 months to identify and address vulnerabilities.

Attack Prevention

We utilize Anti-DDoS protection and a Web Application Firewall (WAF) to safeguard against malicious attacks.

Data In Transit

All traffic transferred to Anecdotes is encrypted over HTTPS using TLS 1.2 and above, ensuring data integrity and privacy.

Data At Rest

Data is encrypted in our databases using AES 256-bit encryption by default, providing robust protection for stored information.

End-Point Security

Malware Protection

All devices are fully protected by our endpoint detection and response platform, offering real-time threat detection and remediation.

Mobile Device Management

Devices are fully managed, including security patch management, policies, and other best practices to ensure comprehensive protection.

Cloud Security

Infrastructure Compliance

We use multi-layered controls to protect our infrastructure, constantly monitoring and improving our systems to meet growing security demands. We rely on Google Cloud Platform (GCP), a highly regulated and compliant data center that meets stringent regional and international certification requirements.

Asset Management and Ownership

Access to production infrastructure is limited to the minimum number of individuals, based on a least-privilege and need-to-know basis, ensuring only authorized personnel can access sensitive data.

General

Hiring

The Anecdotes screening process involves comprehensive background checks and personal interviews conducted by HR hiring managers. Where applicable, additional background checks are performed in accordance with local laws.

Security Training

New employees undergo a rigorous onboarding process that includes detailed explanations of security guidelines, expectations, and code of conduct. All Anecdotes employees participate in annual security awareness training to ensure they remain informed about the latest security practices and threats.

Our Commitment to Trust

Our commitment to a strong compliance foundation serves as the backbone for a robust security posture. We continually optimize our compliance posture to benefit our customers and serve as a model for other companies.
As a leading Security Compliance provider, we understand that working in a cloud-based environment may raise concerns about the confidentiality and protection of sensitive data. Anecdotes' security mechanisms protect all network and application components of our platform. Our transparency in security policies and processes enables brands to trust us with their most confidential data.
This trust is the foundation on which our customers leverage the business benefits of our SaaS solution.
To learn more about the measures we take to maintain a strong foundation of trust and security, please contact us at:
security@anecdotes.ai

FAQs

Have questions? We’ve got answers. If you can’t find what you're looking for, feel free to get in touch.

Customers using an IDP solution within their organization can connect it to the Anecdotes OS. Anecdotes works with the SAML 2.0 standard for SSO.

Yes, data at rest is encrypted using AES 256-bit, while data in transit is encrypted over TLS 1.3.

Anecdotes stores its data within the US using GCP.

Anecdotes collects and processes data in accordance with specific data permissions provided by you, our Client. Some of the main categories are name, address, e-mail address, phone number, company name, industry, website URL, IPs, and device names, as well as a list of vendors and a sample of the customer list. While some Clients might upload Personal Data of their own customers, Anecdotes does not process such Data.

Since the data is mostly located on the Client’s own systems, it can be accessed either from the Client’s location or from Anecdotes offices in Israel. Therefore, the data is shared and accessed from the Client’s location or Israel on an ongoing basis. Additionally, in order to provide a global service, we share and/or store data required to provide ongoing maintenance and support with our regional offices and some of our sub-processors. We rely on “appropriate safeguards” for the transfer of personal data outside of Europe, most commonly the European Commission’s standard contractual clauses.

Yes, we do. Please see our attached DPA, in which we commit to operate in accordance with applicable laws.

Client data will be deleted after expiration or termination of the services, all in accordance with the Terms of Use and Anecdotes policies. Additionally, the Client may make a specific written deletion request at any time.

Yes, Anecdotes has a dedicated security team.

Yes, Anecdotes has a DPA.

Please see the link

Anecdotes acts as Data Processor, and the Client acts as Data Controller, with respect to data provided by customers. Anecdotes will only process data for the purposes of providing the service to its Clients and will act on the Client’s instructions.

Anecdotes has a well-maintained and up-to-date incident response policy, and we stay on top of security developments through the expertise of our own people and the advice of leading external legal and professional services consultants. We would report data breaches in accordance with our legal obligations.

By default, employees do not access customers’ data. If needed, access is granted only to specifically authorized personnel whose access is required in order to provide successful delivery, operation and service to the Clients.

All of our personnel are bound by strict duties of confidentiality and are required to undergo periodic training courses on information security, GDPR compliance, and other applicable regulations. We have also appointed a DPO for monitoring and advising on ongoing privacy and compliance matters.

If you have any questions that haven’t been answered, please feel free to reach out to us. Security is at the core of everything we do and we’re super happy to share any relevant information regarding our security practices and philosophy.