At Judge.me, we put trust at the heart of everything we do. That’s why security is one of our top priorities, with our security policies and procedures documented and reviewed at least annually. We want our customers to feel confident while using our apps and customer support services, and rest assured that their personal information and online store records are always secured. And our approach to security is reflected in our SOC2 Type 1 certification, which confirms that we meet the rigorous standards the body has in place.

Our compliance with SOC2 Type 1

Secured personnel

  • We have embedded a culture of security into our business by conducting employee security training using current and emerging techniques. 
  • We control different levels of data access and grant minimal permissions needed for each person to perform their task (Principle of Least Privilege). We revoke access when needed.
  • All employees’ laptops are monitored remotely to ensure relevant security controls are in place.

Secure development

We establish and maintain secure environments for all system development and integration efforts. Our principles for secure engineering are established, documented, and applied consistently throughout the entire development lifecycle.

Secure testing

We subscribe to HackerOne's public bug bounty program. Continuous year-round testing from HackerOne's security experts ensures that our systems are free of vulnerabilities.

Data security

We host and manage data on world-class, secure infrastructure: Heroku and Amazon Web Services (AWS).

We isolate and encrypt data at rest and in transmission to prevent unauthorized access and breaches, ensuring all data and sensitive information are secure.

We have a clear data backup policy and formal procedures to guide the secure retention and disposal of company and customer data.

Data communications between staff and the systems, between multiple systems, or between systems and the users are fully encrypted, with SSH, SSL, and HTTPS.

Vendor management

We assess our vendors and related third parties carefully, ensuring they satisfy our security and privacy requirements, and where applicable, sign non-disclosure agreements before engaging in any activities.

How we get there

We integrated our tools and systems, including G Suite, Github, AWS, Heroku, MongoDB, etc., with Vanta, to automate the complex process of gathering evidence for security audits.

Vanta helps us handle employee security training, device monitoring, and automated alerts on any controls of concern. With a centralized place to manage our security and compliance, we ensure our policies, procedures, and controls are well-managed and maintained.

Prescient Assurance, a leader in security and compliance certifications for B2B and SAAS companies worldwide, carried out the audit. 

To get a copy of our SOC2 Type1 report, please get in touch with support@judge.me.