Security & Privacy
Trust Sagetap to protect your profile with care—we maintain security standards and procedures to keep your profile safe
Your profile is yours—we do not, and will not, sell or rent your information. We do not help third parties advertise products to you
Through industry-standard data protection, secure infrastructure, and third-party verification, Sagetap ensures data security across our product ecosystem
External Penetration Testing
Sagetap continually works to identify and fix security vulnerabilities in our product and infrastructure. That’s why we undergo third-party network penetration tests as well as AWS security and corporate infrastructure security assessments and audits.
Bug Bounty program
Sagetap’s internal bug bounty program promotes transparency and provides a channel for external security researchers to report potential security concerns. Our team responds rapidly and rewards based on severity.
If you believe you've discovered a security-related issue, please report it at email@example.com.
Bug Bounty program
Sagetap’s infrastructure is built to protect your data according to high industry standards.Maintaining a secure company, product, and infrastructure is top of mind at Sagetap. Our rigorous security policies and procedures are woven into how we operate as an organization with integrity and ethics.
Sagetap hosts data in Amazon Web Services data centers in US East and US West regions and ensures continual product availability by using native backup tools. An industry-leading infrastructure provider, AWS is certified as compliant with ISO 27001 and has received a SOC 2 (Type II) report.
Sagetap encrypts all data in transit and at rest. Data transfer is protected using the industry-standard TLS 1.2 protocol, while data at rest in AWS is encrypted using AES-256 server-side encryption. Sagetap uses AWS Key Management Services for database encryption and secure key management.
All components that process your data operate in Sagetap’s private network inside our secure cloud platform, and each Sagetap user’s data is isolated from other users’ data. Sagetap’s servers and network ports are behind load balancers and a web application firewall.
Connections between the client apps and the backend infrastructure are protected by up-to-date encryption protocols (including SSL/TLS 1.2) while maintaining compatibility with the cipher suites the client supports. All databases, data storage, and backups are encrypted at rest using AES-256.
Organizational and information security
Sagetap follows best practices handling Personally Identifiable Information (PII) with guidance following the California Consumer Privacy Act (CCPA). Sagetap never stores credit card information.
Employees are restricted to handle data required to perform their job. Our staff is trained on proper use of our systems and best practices for security & privacy. All employees have completed background checks and have signed confidentiality agreements.
Security for team administration
In addition to the security we’ve built at an infrastructure level, we also provide administration features to our paid Sagetap client teams. These features allow administrators to manage their teams and include capabilities to create, transfer, or revoke access as needed.
Sagetap uses secure, industry-leading services to manage roles and access policies, certificates, encryption keys and secrets, firewalls, network access lists, and log collection and monitoring.
We automatically scan our applications and libraries for known vulnerabilities and apply fixes promptly.
Sagetap’s administration platform uses role-based access control to ensure that employees only have access to the data that they require for their job. We regularly review employees’ access to the systems that hold or process customer data and revoke access for employees who no longer require it to do their work.
Sagetap has a set of policies and technical controls that prevent employees from accessing customer data that is stored or processed by Sagetap systems. Where appropriate, Sagetap uses private keys and restricts network access to particular employees.
Sagetap does not track any of its users on third-party sites, nor do we allow third parties to do so.
Before using a third-party vendor, Sagetap carefully evaluates the vendor's security practices. Sagetap removes personal information from third-party systems if it is no longer needed or if a user requests account deletion.