Confidential Data
Manifestly is SOC 2 Certified – what does this mean?
SOC 2 (Service Organization Control 2) is an industry-standard framework developed by the American Institute of Certified Public Accountants (AICPA). It sets rigorous standards for managing customer data based on five key “trust service principles”:
- Security – Systems and information are protected against unauthorized access.
- Availability – Systems are available and operational as committed.
- Processing Integrity – System processing is complete, accurate, and authorized.
- Confidentiality – Information designated as confidential is protected.
- Privacy – Personal information is collected, stored, and handled in accordance with recognized privacy standards.
How secure/confidential is my data on Manifestly?
- Our hosting provider is Heroku, which is owned by Salesforce. It is an industry-leading cloud provider. Heroku in turn is hosted on Amazon’s cloud (AWS). All access to our production applications and data is controlled by Heroku. Please review their security overview here: https://www.heroku.com/policy/security
- Our software and systems on Heroku are only accessible by the two founders of Manifestly. No other developers have access to production systems or data.
- All data stored on Heroku is encrypted at rest.
- We use two-factor authentication when accessing our providers:
  - Amazon AWS
  - Heroku
  - GitHub
  - DNSimple
  - Intercom
  - SendGrid
  - Stripe
Backup & Dependency
Our database is on a Premium database plan from our hosting provider, Heroku. This comes with the High Availability (HA) feature, which involves a database cluster and management system designed to increase database availability in the face of hardware or software failure that would otherwise lead to longer downtime. When a primary database with this feature fails, it is automatically replaced with another replica database called a standby. More details about that can be found here: https://devcenter.heroku.com/articles/heroku-postgres-ha