Security

Steady employs advanced technology to secure and back up your account information on protected and guarded systems that allow for scalability, performance and reliability.

[Badges: AICPA SOC for Service Organizations; Monitored by Drata (SOC 2); SOC 2 tested and attested by independent auditor Precscient]

Your Data is Yours

  • We do not share or sell the organizational or personal information of you or any team member connected to your account. Period.
  • Your team’s data belongs to you and your team. You may export it at any time.
  • We will purge your data from our data stores and logs at your request or automatically upon account cancellation.
  • We cannot access your data unless you ask us to for troubleshooting purposes.

Your Data is Protected and Secure

  • Whenever your data is in transit between you and us, everything is encrypted, and sent using HTTPS.
  • Each user in your organization is provided with a unique username and strong password, or an expiring authentication token, that must be entered each time a user signs on. We also integrate with SAML 2.0 compliant IdPs.
  • Steady issues a session cookie only to record encrypted authentication information for the duration of a specific session, not to store usernames or passwords. Our session cookies use the Secure and HttpOnly flags.
  • Your credit card data is securely submitted directly from your browser to a leading PCI Service Provider Level 1 payment gateway. It never touches our servers.
  • We keep rotating, daily backups of all account data.
  • Under the hood, all data is encrypted in transit and at rest.
  • Sensitive data, like passwords, authentication tokens and status check-ins are never logged.
  • Your data is housed in physically secured, SOC 2 compliant, and ISO 27001/27017/27018 certified data centers within the United States.
  • We work with an independent auditor to maintain a SOC 2 report, which objectively certifies our controls to ensure the continuous security of our customers’ data.

Our Systems are Monitored 24x7

  • Our managed hosting provider operations team monitors all hosts and services for integrity and availability, 24 hours a day, 7 days a week.
  • Our software infrastructure is updated regularly with the latest security patches.
  • Both manual and automated vulnerability scans and security reviews are continuously performed.

EU-US and Swiss-US Privacy Shield

As part of our GDPR compliance program, we participate in the EU-US and Swiss-US Privacy Shield Framework to safeguard the transfer of personal data to the US, meeting the GDPR requirement for data protection laws.

Security Exploit Bounty Program

Security of user data and communication is of utmost importance to us. In pursuit of the best possible security for our service, we welcome responsible disclosure of any vulnerability you find in Steady. Additional details here.

More Information

Contact us anytime for additional details.