To validate the effectiveness of our information security program, Deed continuously monitors and assesses our security programs, including through:
SOC 2 Type 2 certified
Routine vulnerability scanning
Continuous application monitoring and routine audit log analysis
Routine testing of and updates to our business continuity and recovery plans
Least privilege access controls
Quarterly risk assessment reviews to evaluate the effectiveness of our practices
All data found on Deed is fully encrypted, both in-transit and at rest, using industry best practices and standards. Deed also maintains strict organizational requirements for the use of cryptographic controls, in order to protect the confidentiality, integrity, and authenticity of customer information.
Deed’s technology is architected and implemented to ensure that your company’s information is only accessible by authorized individuals, utilizing features such as role-based user permissions, SSO and HRIS integration, and standard user password requirements.
Our goal is to provide a safe, secure and meaningful social impact tool, and our team is fully prepared to meet your company’s data privacy needs.
We collaborate with privacy and security professionals and our vendors to ensure our platform can meet your data protection needs:
California Consumer Privacy Act (CCPA)
Deed’s security program and practices are designed to be CCPA compliant.
European Union’s General Data Protection Regulation (GDPR)
Deed’s Data Processing Agreements comply with all applicable GDPR requirements.