Security
Your data is safe with us

SOC 2 Compliance
This ensures that from June 2021, Tagger is SOC 2 Type II "certified". SOC 2 compliance demonstrates that Tagger securely manages your data to protect the interests of your organization and the privacy of its clients according to five trust service principles: security, availability, processing integrity, confidentiality, and privacy.
SOC 2 Compliance

Physical and environmental security
Tagger using highly secure Equinix Metal infrastructure and facilities. Equinix Metal cloud computing services are compliant with multiple security and privacy standards, e.g. ISO 27001, ISO 22301, NIST 800-53, SOC 2 Type II and PCI DSS. Equinix uses advanced security equipment, techniques, and procedures to control and monitor access data centers. Typical security controls are security checkpoints that include 24/7 manned security stations, mantraps, and biometric readers.

The power systems include full UPS systems with N+1 redundancy levels or greater and backup generator systems in the event of a local utility failure. In case of a power outage, batteries turn on immediately, followed by the generators, which can power the entire data center. To keep equipment operating, each data center houses a multicomponent temperature control system running 24/7.
Information Security
We strive to achieve integrated information security management system by:
- Following good practices to protect the organization’s information assets from information security threats.
- Aligning information security management with the organization’s strategic risk management context.
- Setting information security objectives and establishing a direction and principles for action.
Information Security
We strive to achieve integrated information security management system by:
- Following good practices to protect the organization’s information assets from information security threats.
- Aligning information security management with the organization’s strategic risk management context.
- Setting information security objectives and establishing a direction and principles for action.
- Establishing criteria for risk evaluation and risk acceptance.
- Controlling access to information assets based on business and security requirements.
- Protecting information in transit.
- Putting safeguards in information sharing.
- Implementing a clear desk and a clear screen policy.
- Implementing appropriate security measures in mobile computing and communications.
- Using appropriate cryptographic controls for the protection of information.
- Ensuring proper use, protection, and a lifetime of cryptographic keys through their lifecycle.
- Establishing rules for the development of software and systems and applying these rules to developments within the organization.
- Ensuring protection of the organization’s assets that are accessible by suppliers.
- Prohibiting the use of unauthorized software and complying with laws on intellectual property rights.
- Protecting organizational data and safeguarding privacy.
- Taking back-up copies and testing them regularly.
- Retaining records for a sufficient period before disposing of them carefully.
- Building security culture based on awareness, trust and Just Culture.
- Complying with applicable laws, regulations, and requirements related to information security, including the requirements of the ISO 27001 standard, The 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (TSC).
- Reviewing and auditing the effectiveness of ISMS at regular basis.
- Continually improving our ISMS.

Data scraping compliance
We’re fully aware of the requirements of laws, regulations, court judgments, personal data protection guidelines, and T&C of social media platforms about data scraping and privacy. We are an ethical company. All employees and associates must follow the Code of Conduct and the Code of Ethics. That’s why we do not scrape any data.

Privacy compliance
Our goal as a content management company is to fully comply with privacy laws, regulations, and good practices. We take care especially with GDPR, CCPA, UK Data Protection Act 2018, and COPPA. The Chief Information Officer and Data Protection Officer are constantly monitoring our compliance and security.

Cyber Security
We’re using advanced security controls like WAP, NGFW, SIEM, systems, networks, infrastructure monitoring tools, DMZ, and vulnerabilities scanners. Our system uses a hardened and patched OS, applications, and DB. We review vulnerability bulletins on an ongoing basis. We also have solutions to mitigate DOS and DDoS attacks. We perform penetration tests annually.

Disaster Recovery and Business Continuity
We maintain disaster recovery and business continuity plans as part of our Information Security and Privacy Management System. We have high availability infrastructure in the US and backup failover to another US region. We regularly test and refine this plan to ensure the fastest recoverability in the event of a disaster.
Data at rest and in transit security
All data at rest and in transit are encrypted. To secure transfer data, we’re using HTTPS, TLS, SSH, and VPN. All our data at rest is encrypted at the server level and the level of end devices.

Our Policies
Report a vulnerability
We encourage you to report any vulnerabilities in our service directly, using the form below. Our security team will analyze it, fix it, and we’ll send you feedback.