Skip to main content
All CollectionsSecurity & IT
Aspire Privacy and Security
Aspire Privacy and Security

Overview of privacy, security, reliability, and compliance on Aspire.

Simma Baghbanbashi avatar
Written by Simma Baghbanbashi
Updated over a year ago

Organizations of all sizes use Aspire to run campaigns across thousands of users, integrate key business platforms, and help them comply with applicable security, privacy, and compliance requirements. Aspire is currently SOC 2 Type 2 certified, as well as GDPR and CCPA compliant.

Enterprise-grade security (per standard security requirements):

  • Secure hosting

  • Encryption in transit and rest

Data security

  • Data hosting and encryption: All confidential and proprietary data (including video files and customer and test contributor data) is hosted through Google Cloud, a SOC 2 and ISO 27017 certified hosting provider.

  • Security team: The Aspire Security Team includes staff responsible for ongoing information security, including:

    • Physical security, inclusive of annual physical security audits

    • Security of internal systems, inclusive of annual audits and active monitoring

    • Administration of security training for all employees

    • Immediate attention to inquiries, potential breaches, or other alerts indicating anomalies or issues

  • SOC 2 Type II on Aspire

    • Soc 2 Type II reports how a company safeguard customer data. This is an audit conducted by 3rd-parties that assess the risks of a company that works with cloud service providers. The audit covers security, availability, confidentiality, and privacy.

    • What Aspire Does: SOC 2 is very robust and all about security protocols. To meet the highest standard for security, we have worked with a leading vendor to validate our processes and protocols to ensure that access to customer data is limited and stored securely. We are SOC 2 Type II compliant.

  • Verified by third-party assessors:

    • Annual penetration scans: Aspire conducts annual penetration testing using a 3rd-party cyber security company. Penetration tests are run against all in-scope systems of Aspire and vulnerabilities from the penetration tests are promptly remediated. You may receive a confidential copy of our most recent penetration test report by reaching out to [email protected]. We may ask you to sign an NDA to receive the report if we do not already have one from you.

    • Automated scans: Aspire lives on Google cloud platform. We utilize Google cloud’s built-in functionalities to receive reports on suspicious activity, network activity (VPC flow logs), and package vulnerabilities.

    • Bug bounty program: Aspire participates in bug bounty programs to receive external vulnerabilities from hackers around the globe. Vulnerabilities are reported by bug bounty hackers and are treated like any other vulnerability found on our platform.

    • Compliance tracker: We use a 3rd-party tool to help us ensure we stay on track with SOC 2 Type II requirements. This tool runs scans against our SaaS, vendors, infrastructure, employee endpoints, and other criteria in scope of SOC 2 for any non-compliance. We are happy to provide a full report by request.

  • Vendors and sub-processors on Aspire

    • We perform data mappings and risk assessments for all of our vendors and sub-processors to ensure we understand where your data is and how it’s processed by each vendor. Aspire requires all vendors and sub-processors to be in compliance with GDPR, CCPA, and SOC 2 regulations, and we review our vendors on an ongoing basis to ensure they continue to comply with the respected laws and regulations. All vendors and sub-processors working with Aspire are required to submit either a SOC2 Type 2 report or an ISO 27001 certification.

Did this answer your question?