World-Class Security

construction site

People Data Labs is committed to the safety and security of our customers and their data.

People Data Labs performs internal audits at regular intervals to ensure ongoing compliance with NIST 800-53r5 standards. Our infrastructure and software are designed to be compliant from the ground up with GDPR, CCPA, and all global privacy regulations. We utilize industry standards from the National Institute of Standards and Technology (NIST) and Center for Internet Security (CIS).

Today, every company is a data company.
Which means every company needs to prioritize security.

GDPR text and lock in circle
General Data Protection Regulation · GDPR

We have worked to enhance our products, processes, and procedures to ensure our practices are GDPR-compliant. Read more about GDPR.

CCPA text, with California and a lock in a circle
California Consumer Privacy Act · CCPA

People Data Labs is compliant under the California Consumer Privacy Act (CCPA) and works with our customers on any CCPA considerations. Read more about CCPA.

SOC2 text, with llama in a circle
SOC 2 Type 2

We’re proud to announce that we have reinforced our commitment to your security by achieving SOC 2 Type 2 compliance as defined by the American Institute of Certified Public Accountants (AICPA). Read more about SOC 2 Type 2 or download the SOC 3 report.

Our Security Commitment

Confidentiality

We protect our data union with using FIPS 140-2 Compliant Algorithms for encryption and the 24 x 7 monitoring for vulnerabilities and malware. We comply with least privilege access, we grant engineers access only to information necessary for their job duties and when access is no longer needed, we make sure to promptly remove it. All information is encrypted at rest in and in transit.

Integrity

We safeguard all data against improper modification and ensure the information has not been modified or deleted in an unauthorized and undetected manner. We monitor all modifications via AWS CloudTrails. All information is encrypted at rest and in transit.

Availability

We utilize the highest level of availability in Amazon Web Services. Our data is available across multiple availability zones and backup across regions. We employ auto scaling techniques to ensure we have the maximum performance and availability for our customers.

Security Measures

Data Encryption

People Data Labs uses several methods to ensure our data is secure and to prevent unauthorized access. To secure our platform, People Data Labs follows a continuous monitoring program. We follow this program through the development of proactive and detective capabilities. Our Incident Response Policy assesses the threat of security incidents and establishes a plan to mitigate the problem, ensuring that even in the event of a breach, our data is secure.

Monitoring Data Systems

Our customer data and infrastructure are monitored and secure. People Data Labs leverages AWS and Elastic Cloud data centers for our customer data and production systems. AWS follows industry best practices and follows strict standards for monitoring access to People Data Labs data. For more information on AWS Data Center Physical Security, see their physical security whitepaper.

Elastic Cloud handles the following security features for us:

  • Prevention of unauthorized access with password protection
  • Role-based access control
  • Preservation the integrity of your data with message authentication and SSL/TLS encryption
Incident Event Management

As stated in our internal Business Continuity and Disaster Recovery Plan, People Data Labs conducts penetration tests on external networks quarterly. AWS is designed to dynamically deploy applications within the cloud, monitor for failures, and recover failed platform components.Backup files are stored redundantly across multiple availability zones and are encrypted. For major events, we will notify affected people within 24 hours of a determination.

Data Recovery

People Data Labs data is distributed across two of the AWS availability zones. We currently use the Oregon and Northern California locations. This posture allows for a more stable infrastructure with redundant servers. The platform has built-in mechanisms to detect non-operating or operating in a degraded state. It will automatically scale within the alternate zone to ensure that services remain available and responsive.

Operations Management

All code changes and application updates to our data systems are reviewed for security issues before us. People Data Labs separates development, testing, storing, and producion enviornments in different engineering segments.

Monitoring

All People Data Labs’ owned servers have quarterly security updates, and intrusion detection systems monitor for all possible security incidents.