Security and trust
We protect data through multiple layers of security and governance technologies, operational practices, and compliance policies.
Our commitments
Security
Spotnana’s security team conducts regular reviews of Spotnana’s application design, architecture, and features along with a series of automated security vulnerability scans, including static code analysis and container scanning. Third-party penetration testing is conducted at least annually. All vulnerabilities identified are managed under a well-established SLA for remediation.
Privacy
Privacy is a cornerstone of our Security and Trust program. Every Spotnana employee undergoes privacy and security training to ensure data is managed safely, securely, ethically, and in compliance with regulatory requirements. A dedicated team is responsible for overseeing training for our employees and enforcing our controls.
Compliance
In line with the requirements of ISO 27001:2022, Spotnana has implemented an ISMS system and obtained ISO 27001:2022 certification. Spotnana also complies with trust services security criteria under AICPA and has obtained an independent auditor report for SOC2 Type 2 compliance.
Security white paper
Security is core to our mission at Spotnana. We go to great lengths to ensure that customer data remains safe and secure. To learn more, download our Security white paper.