We are SOC 2 Type 1 compliant!
What does it mean? SOC 2 type 1 is a security attestation that asserts our capacity to ensure our customers’ data security.
As a delivery management software that handles significant amount of data, it seemed essential for us to get this compliance.
In order to achieve it, we went through a rigorous audit set by the American Institute of CPAs (AICPA) to ensure we fulfilled specific criteria and requirements in regards to data security, availability & confidentiality.
Therefore, you can be fully assured that your data is in good hands with Cigo!
We continuously strive to ensure that the data of our clients is stored and exchanged over secure network channels and in robust enterprise grade infrastructure.
Over the years, we've made some key decisions and enhancements to specifically ensure the integrity and safety of our user's data.
Internally, we've established some guiding principles to ensure that all new development and refactoring efforts continue to improve upon our security and privacy standards. Namely, we implement:
Encryption of data in transit and data at restStrong WAF (Web Application Firewall) rule sets and NSGs (Network Security Rules)Secure networking of our core infrastructure. Applying additional encryption layering on sensitive data at rest.
Only serving user uploaded multimedia content over SSL and HTTPSEnterprise-grade Cloud infrastructure to safeguard our users from being affected by DDoS attacks
And many more...
As part of our efforts to continuously improve our product offerings, we are open to reports of any security issues and vulnerabilities that researchers may find on our site.
We've ensured that we provide sufficient information in the Q&A below to offer a secure channel for anyone to share said vulnerabilities if any are found.
How can I report a vulnerability to your team?
We've gathered all of the information you'll need to reach us here: security.txt
Do you have a bounty or vulnerability reward program?
At this time, we do not have a bounty program, but we are happy to work with any researchers that find any security or an abuse risk related bug in a Cigo product and would like to report it to us.
Will my report be recognized?
If the issue reported is valid and sufficiently significant, we will happily share your credentials under the Acknowledgments section of this page after it has been resolved.
No acknowledgments at this time.