Security & Privacy

Trust Sagetap to protect your profile with care—we maintain security standards and procedures to keep your profile safe

Data Ownership

Your profile is yours—we do not, and will not, sell or rent your information. We do not help third parties advertise products to you

Data Security

Through industry-standard data protection, secure infrastructure, and third-party verification, Sagetap ensures data security across our product ecosystem

External Penetration Testing

Sagetap continually works to identify and fix security vulnerabilities in our product and infrastructure. That’s why we undergo third-party network penetration tests as well as AWS security and corporate infrastructure security assessments and audits.

Bug Bounty program

Sagetap’s internal bug bounty program promotes transparency and provides a channel for external security researchers to report potential security concerns. Our team responds rapidly and rewards based on severity.

If you believe you've discovered a security-related issue, please report it at security@sagetap.io.

Bug Bounty program

Sagetap’s infrastructure is built to protect your data according to high industry standards.Maintaining a secure company, product, and infrastructure is top of mind at Sagetap. Our rigorous security policies and procedures are woven into how we operate as an organization with integrity and ethics.

Hosting

Sagetap hosts data in Amazon Web Services data centers in US East and US West regions and ensures continual product availability by using native backup tools. An industry-leading infrastructure provider, AWS is certified as compliant with ISO 27001 and has received a SOC 2 (Type II) report.

Encryption

Sagetap encrypts all data in transit and at rest. Data transfer is protected using the industry-standard TLS 1.2 protocol, while data at rest in AWS is encrypted using AES-256 server-side encryption. Sagetap uses AWS Key Management Services for database encryption and secure key management.

Cloud

All components that process your data operate in Sagetap’s private network inside our secure cloud platform, and each Sagetap user’s data is isolated from other users’ data. Sagetap’s servers and network ports are behind load balancers and a web application firewall.

Data encryption

Connections between the client apps and the backend infrastructure are protected by up-to-date encryption protocols (including SSL/TLS 1.2) while maintaining compatibility with the cipher suites the client supports. All databases, data storage, and backups are encrypted at rest using AES-256.

Organizational and information security

Sagetap follows best practices handling Personally Identifiable Information (PII) with guidance following the California Consumer Privacy Act (CCPA). Sagetap never stores credit card information.

Employees are restricted to handle data required to perform their job. Our staff is trained on proper use of our systems and best practices for security & privacy. All employees have completed background checks and have signed confidentiality agreements.

Security for team administration

In addition to the security we’ve built at an infrastructure level, we also provide administration features to our paid Sagetap client teams. These features allow administrators to manage their teams and include capabilities to create, transfer, or revoke access as needed.

Product security

Sagetap uses secure, industry-leading services to manage roles and access policies, certificates, encryption keys and secrets, firewalls, network access lists, and log collection and monitoring.

We automatically scan our applications and libraries for known vulnerabilities and apply fixes promptly.

Employee practices

Sagetap’s administration platform uses role-based access control to ensure that employees only have access to the data that they require for their job. We regularly review employees’ access to the systems that hold or process customer data and revoke access for employees who no longer require it to do their work.

Employee practices

Sagetap does not sell or rent users’ personal data to advertisers or to other third parties to enable them to deliver advertisements. For more information, please review our Privacy Policy.

Sagetap has a set of policies and technical controls that prevent employees from accessing customer data that is stored or processed by Sagetap systems. Where appropriate, Sagetap uses private keys and restricts network access to particular employees.

Sagetap does not track any of its users on third-party sites, nor do we allow third parties to do so.

Compliance

Sagetap complies with the EU General Data Protection Regulation (GDPR) and the EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework regarding the collection, use, and retention of personal information transferred from the European Union and Switzerland to the United States. For more details, see Sagetap’s Privacy Policy.

Third-party vendors

Before using a third-party vendor, Sagetap carefully evaluates the vendor's security practices. Sagetap removes personal information from third-party systems if it is no longer needed or if a user requests account deletion.