Customer-centric
Security Assurance

Continuous testing: In our commitment to maintaining top-notch security, we go beyond the conventional practice of conducting security assessments on an annual basis. Instead, we’ve integrated security testing seamlessly into every stage of our product development lifecycle. This means that security evaluations, vulnerability assessments, and penetration testing are conducted regularly, ensuring that we stay ahead of potential threats and vulnerabilities. By continuously testing our systems, we can swiftly identify and address security issues, ultimately enhancing the protection of our products and your data.

Patch management: Keeping our systems secure is a top priority for us. To achieve this, we’ve established a robust patch management process. This process allows us to swiftly identify security vulnerabilities and apply the necessary patches to address them. Whether it’s a critical software update or a routine security enhancement, our team is proactive in ensuring that our systems remain up-to-date and resilient against emerging threats. By maintaining an effective patch management process, we bolster the security of our infrastructure, reducing the risk of security breaches and downtime.

Security by design: We recognize that security should not be an afterthought; it should be an integral part of our development process from the outset. This approach encompasses various aspects, including secure coding practices and thorough threat modeling. Our development teams are trained to follow secure coding guidelines, minimizing the introduction of vulnerabilities in our software. Additionally, we conduct comprehensive threat modeling exercises to identify potential security risks early in the development cycle. By weaving security into our development process, we strive to deliver solutions that are not only innovative but also inherently secure, providing you with a robust and trustworthy experience.

Awareness training: DealHub employees undergo periodic security awareness training to keep them up-to-date with the latest security threats and best practices. These training sessions help our staff recognize potential security risks and adopt security-conscious behaviors in their daily tasks. By fostering a culture of security awareness, we empower our team to play an active role in maintaining a secure environment.

Incident response training: Security incidents can happen, and when they do, a swift and effective response is crucial. Our employees are well-versed in the protocols and procedures for responding to security incidents. This ensures that when faced with a security issue, our team can take immediate and precise actions to mitigate the impact and protect our systems and your data. We prioritize readiness and efficiency in handling security incidents to minimize any potential disruptions.

SDLC training: To stay at the forefront of security practices, our developers receive periodic training on Secure Development Life Cycle (SDLC). This training equips them with the knowledge and skills needed to design, code, and test applications with security in mind. By integrating security into the development process from the ground up, we aim to create software that is inherently secure, reducing the likelihood of vulnerabilities that could be exploited by malicious actors. Our commitment to SDLC training reflects our dedication to delivering solutions that prioritize agility, efficiency, and security.

DR plan testing: We understand that having a plan in place is not enough; it must also be effective in real-world emergency situations. That’s why we conduct routine tests to validate the readiness of our DR plans. These tests simulate various disaster scenarios, allowing us to identify potential weaknesses and make necessary improvements. By continually refining our DR plans, we aim to ensure that our systems can swiftly recover and minimize downtime in the face of adversity.

Automated backups: To enhance the reliability of our data protection efforts, we rely on automated backup processes. Automation reduces the risk of human error, ensuring that critical data is consistently and accurately backed up. This approach not only bolsters data integrity but also streamlines the backup process, enabling us to focus on other critical aspects of security and operational stability. Your data’s safety is of paramount importance, and our automated backup practices play a key role in upholding this commitment.

At DealHub, safeguarding your data is a paramount concern, and we have implemented a comprehensive set of measures to ensure its security and privacy throughout its lifecycle.

We maintain meticulous documentation of how and where Customer Content is processed while it’s within DealHub’s possession or under our control. This documentation helps us maintain transparency and accountability in handling your valuable data.

All data in transit transmissions are secured and encrypted using HTTPS protocol at 2048 bit, using TLS 1.2 or higher, ensuring that your data remains confidential and intact during transit. Furthermore, all data at rest is encrypted with an AES 256-bit algorithm, including salt hashing, providing additional protection for your information. This approach guarantees that your data remains secure, whether actively used or stored in our systems.

We take extra care to ensure the logical separation of Customer Content from that of other DealHub customers. This isolation is crucial to maintaining data integrity and confidentiality, assuring you that your data is distinct and protected within our environment.

Retention periods for Customer Content are meticulously defined and adhered to. We retain your data only for as long as it’s necessary to fulfill the purpose(s) for which it was originally collected. This commitment to data minimization ensures that we don’t retain your information longer than required, respecting your privacy and data management preferences.

Lastly, any transfer or exchange of Customer Content is conducted with the utmost security. We employ secure methods and protocols to transfer or exchange data, ensuring that your information remains safe and protected throughout any such process. Your data’s security is at the core of our practices, and we continually strive to maintain the highest standards in data protection.

To ensure transparency and build trust with our customers, DealHub is committed to providing certain third-party attestations upon reasonable written request. These attestations are essential in demonstrating our dedication to security and compliance.

Firstly, we provide our customers with access to our SOC 2 Type 2 report. This report is issued by a licensed Certified Public Accountant (CPA) in good standing. SOC 2 Type 2 is a widely recognized auditing standard that evaluates a service organization’s controls and safeguards. It provides valuable insights into our security practices, control environment, and the effectiveness of our security measures over a defined period. This report serves as a testament to our commitment to maintaining the highest standards of security and data protection.

Secondly, we furnish our customers with a report or summary of findings from a penetration test (pen test) or vulnerability assessment. Importantly, these tests are conducted by an independent party and documented by that very independent entity. This ensures an unbiased and impartial evaluation of our security posture. Penetration tests and vulnerability assessments are crucial components of our security strategy, allowing us to proactively identify and address potential weaknesses in our systems. By sharing these findings, we demonstrate our commitment to transparency and the continuous improvement of our security measures.

These third-party attestations not only showcase our dedication to security but also provide our customers with the assurance that their data and interests are being protected with the utmost diligence and professionalism. Our aim is to foster a relationship built on trust, and these attestations are a tangible demonstration of our commitment to that goal.

At DealHub, we prioritize incident response as a core element of our security strategy. We maintain an up-to-date information security incident response plan, which includes customer involvement. Clear management responsibilities and procedures are established for a swift, effective, and organized response to security incidents. Timely reporting of security events through appropriate channels is crucial. Additionally, we actively monitor and review our systems to swiftly address unauthorized processing of Customer Content, ensuring data integrity and minimizing potential impacts. Our goal is to respond professionally and promptly to maintain your trust and data security.

The security of your data is a continuous commitment. To ensure its protection, DealHub established a robust process for identifying and promptly remedying vulnerabilities in our systems, devices, and applications. This proactive approach includes the timely application of patches, updates, bug fixes, or any necessary modifications to maintain the security of Customer Content.

In addition to routine vulnerability scans, we also conduct penetration tests on the IT infrastructure responsible for processing Customer Content. These tests are an essential part of our security strategy, allowing us to simulate potential attacks and vulnerabilities. By actively seeking out and addressing weaknesses in our systems, we aim to maintain a strong defense against potential threats and vulnerabilities, providing you with the assurance that your data remains safeguarded at all times.

Our approach to software development at DealHub is anchored in a commitment to security and reliability. We ensure that all software we develop or maintain for our customers adheres to a rigorous Software Development Life Cycle (SDLC) process. This process is designed to create software that is not only functional but also free of any known critical, severe, high, and medium-rated application security vulnerabilities, as defined by industry standards.

To achieve this, we have established and documented principles for engineering secure systems. These principles are not just theoretical; they are actively maintained and applied to every information systems implementation effort. This ensures that security is woven into the fabric of our software from its inception.

We also prioritize the separation of development, testing, and production environments, both physically and logically. This segregation helps prevent unauthorized or unintended changes to the production environment, preserving the integrity and stability of our systems.

Changes to production systems are meticulously tracked, recorded, and reviewed, with a commitment to maintaining or exceeding the current level of security and protection. Our personnel undergo regular training in secure coding techniques, ensuring that security is at the forefront of their development practices.

Our SDLC process includes comprehensive software security reviews, covering all aspects of applications delivered to our customers. This includes custom code, components, products, and system configurations. These reviews encompass rigorous testing for security vulnerabilities, providing assurance that open-source code used in product development is free from known vulnerabilities and is kept up to date.

In the event that any critical, severe, or high-rated vulnerabilities are identified, we take immediate action to remediate and retest them. For medium, low, or informational-rated security issues discovered after delivery, we address them with the same diligence as other bugs and issues in accordance with the terms outlined in our Agreement. Our unwavering commitment to secure software development ensures that your data remains protected and your trust in our products is well-placed.