Security
Enhanced Security Measures Our services are fortified with advanced security technologies to ensure robust protection at every level.
SOC 2 Type II
We take pride in being SOC 2 Type II compliant, a testament to our commitment to data security.
What exactly does this mean? SOC 2 Type II certification is an industry-recognized standard that affirms our dedication to maintaining the highest levels of data security for our customers.
Given the substantial volume of data managed by our delivery management software, obtaining this compliance was imperative.
To secure this attestation, we underwent a stringent audit conducted by the American Institute of CPAs (AICPA), demonstrating adherence to comprehensive data security, availability, and confidentiality criteria.
Rest easy knowing that with Cigo, your data is protected by a verified and trustworthy system.
Policy
Cigo Tracker
We continuously strive to ensure that the data of our clients is stored and exchanged over secure network channels and in robust enterprise grade infrastructure.
We continuously strive to ensure that our clients’ data is stored and exchanged over secure network channels within robust, enterprise-grade infrastructure that aligns with the highest industry standards.
Internally, we have established guiding principles to ensure that all new development and refactoring efforts enhance our security and privacy measures.
Our implementations include:
- Encryption of data in transit and at rest
- Advanced Web Application Firewall (WAF) rule sets and Network Security Groups (NSGs)
- Secure networking across our core infrastructure
- Additional encryption layers applied to sensitive data at rest
- Serving user-uploaded multimedia content exclusively over SSL and HTTPS
- Utilizing enterprise-grade cloud infrastructure to protect our users from DDoS attacks
- Regular compliance audits and adherence to stringent security frameworks
- And many more…
(VDP)
Vulnerability Disclosure Program
As part of our efforts to continuously improve our product offerings, we are open to reports of any security issues and vulnerabilities that researchers may find on our site.
We continuously strive to ensure that the data of our clients is stored and exchanged over secure network channels and in robust enterprise grade infrastructure.
How can I report a vulnerability to your team?
If you’ve discovered a vulnerability, we encourage you to report it to us immediately. Please send an email to security@cigotracker.com with a detailed description of the issue, including steps to reproduce it if possible. Our team will review your report promptly and take necessary action to address the concern.
Do you have a bounty or vulnerability reward program?
Yes, we value the time and effort of security researchers. While we currently don’t have a formal bounty program, we do appreciate and recognize verified reports. If your discovery significantly enhances the security of our systems, we may consider additional gestures of appreciation on a case-by-case basis.
Will my report be recognized?
Absolutely. We acknowledge the importance of your contribution to improving our security. Once your report is validated and the vulnerability is resolved, you may receive recognition for your efforts. However, public acknowledgment is subject to mutual agreement to ensure confidentiality.