Customer Trust Center

The security and privacy of our customers’ data is our number one priority. Spin.AI is committed to ensuring that our security and privacy controls meet or exceed security best practices and regulatory requirements.

Security

We meet security requirements by storing data with trusted cloud providers, encrypting every piece of data we store, and applying access-control best practices.


Hosting Location

Spin works only with the world’s top cloud service providers for storing and processing customer data. When registering for the Spin application services, customers choose which cloud service provider will hold their data backups. Our cloud service provider partners are:

Amazon Web Services (AWS)
Microsoft Azure
Google Cloud Platform (GCP)

In addition to choosing a cloud provider, Spin customers select the geographical region where their data will be stored. Once selected, your data always remains in that region, which supports compliance with international data transfer restrictions.


Data Security

Your backed-up data remains encrypted at rest and in transit. We use only current versions of secure algorithms and protocols: TLS 1.3 for data in transit and AES-256 for data at rest.

To provide further protection against a potential data breach, we took the security of stored data a step beyond the usual approach. Instead of encrypting at the storage level, we encrypt each backed-up data object (email, document, contact, etc.) with its own unique encryption key.

This means that even our engineers do not have access to your data, and the compromise of a single key would expose only that single object.
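The blast-radius property described above (one compromised key exposes one object) is easiest to see in code. The following is an added illustration written for this page, not Spin’s own implementation or storage format. It assumes an envelope-encryption design, which the page does not describe: a key-encryption key (KEK) wraps a fresh AES-256-GCM data-encryption key (DEK) per object, and the object identifier is bound as associated data on both layers so a wrapped key cannot be re-attached to a different object. The object IDs and plaintexts are constructed sample data.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
	"io"
)

// EncryptedObject is one backed-up item stored with its own wrapped data key (assumed layout).
type EncryptedObject struct {
	ID         string
	WrappedDEK []byte // this object's AES-256 key, sealed under the KEK
	Ciphertext []byte // nonce || AES-256-GCM ciphertext and tag
}

// NewKey returns 32 random bytes, i.e. an AES-256 key.
func NewKey() ([]byte, error) {
	k := make([]byte, 32)
	_, err := io.ReadFull(rand.Reader, k)
	return k, err
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealAEAD encrypts plaintext under key with a fresh random nonce and authenticates aad with it.
func sealAEAD(key, plaintext, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, aad), nil
}

// openAEAD reverses sealAEAD; a wrong key, tampered data or mismatched aad fails authentication.
func openAEAD(key, sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, fmt.Errorf("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], aad)
}

// EncryptObject draws a unique DEK for this object, encrypts the object under it, then wraps
// the DEK under the KEK. The object ID is bound as AAD on both layers.
func EncryptObject(kek []byte, id string, plaintext []byte) (EncryptedObject, error) {
	dek, err := NewKey()
	if err != nil {
		return EncryptedObject{}, err
	}
	ct, err := sealAEAD(dek, plaintext, []byte(id))
	if err != nil {
		return EncryptedObject{}, err
	}
	wrapped, err := sealAEAD(kek, dek, []byte(id))
	if err != nil {
		return EncryptedObject{}, err
	}
	return EncryptedObject{ID: id, WrappedDEK: wrapped, Ciphertext: ct}, nil
}

// UnwrapDEK recovers an object's DEK; only a KEK holder can do this.
func UnwrapDEK(kek []byte, obj EncryptedObject) ([]byte, error) {
	return openAEAD(kek, obj.WrappedDEK, []byte(obj.ID))
}

// OpenWithDEK decrypts an object from its raw DEK. The read path calls it after UnwrapDEK;
// it also models an attacker who holds one leaked DEK but not the KEK.
func OpenWithDEK(dek []byte, obj EncryptedObject) ([]byte, error) {
	return openAEAD(dek, obj.Ciphertext, []byte(obj.ID))
}

// DecryptObject is the normal read path: unwrap the DEK, then open the object.
func DecryptObject(kek []byte, obj EncryptedObject) ([]byte, error) {
	dek, err := UnwrapDEK(kek, obj)
	if err != nil {
		return nil, err
	}
	return OpenWithDEK(dek, obj)
}

func main() {
	kek, _ := NewKey()
	a, _ := EncryptObject(kek, "email/1", []byte("constructed sample email"))
	b, _ := EncryptObject(kek, "doc/7", []byte("constructed sample document"))
	dekA, _ := UnwrapDEK(kek, a) // attacker model: this single key has leaked
	_, errA := OpenWithDEK(dekA, a)
	_, errB := OpenWithDEK(dekA, b)
	fmt.Printf("leaked DEK opens its own object: %v; another object: %v\n", errA == nil, errB == nil)
}
```

The design point is that the KEK, not any DEK, is the asset whose compromise matters: a leaked DEK authenticates only its own ciphertext, and because the object ID is part of the associated data, moving one object’s wrapped key onto another object is rejected rather than silently decrypting to garbage. Whether operators can read data in practice then depends entirely on who can use the KEK, which is the control that backs a claim like “even our engineers don’t have access”.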


Access Control

Physical access security is provided by the best-in-class data centers maintained by our cloud infrastructure partners (AWS, Azure, and GCP). Spin applies strict logical access controls, including strong passwords, multi-factor authentication, and deny-by-default network and system access.

All cloud-hosted system components are reachable only through a bastion host over a Virtual Private Network (VPN).

Compliance

The SpinOne platform helps clients comply with existing rules and regulations such as HIPAA, CCPA, and others.

While Spin does not have direct access to customers’ data, we are committed to supporting our customers’ regulatory, legal, and contractual requirements. Spin conducts periodic compliance assessments against the following regulations:

The General Data Protection Regulation (GDPR)
The Health Insurance Portability and Accountability Act (HIPAA)
The California Consumer Privacy Act (CCPA)
The Payment Card Industry Data Security Standard (PCI-DSS)

Any identified compliance gaps are documented, reported to the Security Council, and monitored until addressed.

To support our customers’ compliance requirements, Spin signs Business Associate Agreements (BAAs) and Data Processing Addenda (DPAs) when necessary.

Disclaimer: Spin.AI does not provide legal advice; customers act on their own volition and are responsible for ensuring their own compliance with applicable laws and regulations.

Assurance

SpinOne holds EU and US certifications that assure the privacy, confidentiality, security, processing integrity, and availability of customer data.

EU-US Privacy Shield

Data Privacy Practices Compliant

Spin is certified under the EU-US Privacy Shield, and our certification can be validated at the Privacy Shield website:

Although the Court of Justice of the European Union ruled in July 2020 that European Commission Decision 2016/1250 (on the adequacy of the protection provided by the EU-US Privacy Shield) is invalid, that ruling does not relieve participants in the EU-US Privacy Shield of their obligations under the framework, and Spin maintains its Privacy Shield certification.

SOC 2 Type II

Trust Services Principles

To assure our customers of the effectiveness of the controls Spin has implemented to protect their data, Spin undergoes a SOC 2 Type II audit and issues the audit report annually.

The report is available to existing and prospective customers upon formal request and signature of a Non-Disclosure Agreement (NDA).

Please contact our Support Team or your sales point of contact to request a copy of the report.
