Safety First

SOC 2 Compliance

This ensures that from June 2021, Tagger is SOC 2 Type II "certified". SOC 2 compliance demonstrates that Tagger securely manages your data to protect the interests of your organization and the privacy of its clients according to five trust service principles: security, availability, processing integrity, 
confidentiality, and privacy.

Physical and environmental security

Tagger using highly secure Equinix Metal infrastructure and facilities. Equinix Metal cloud computing services are compliant with multiple security and privacy standards, e.g. ISO 27001, ISO 22301, NIST 800-53, SOC 2 Type II and PCI DSS. Equinix uses advanced security equipment, techniques, and procedures to control and monitor access data centers. Typical security controls are security checkpoints that include 24/7 manned security stations, mantraps, and biometric readers.

The power systems include full UPS systems with N+1 redundancy 
levels or greater and backup generator systems in the event of a local utility failure. In case of a power outage, batteries turn on immediately, followed by the generators, which can power the entire data center. 
To keep equipment operating, each data center houses a multicomponent temperature control system running 24/7.

Information security

We strive to achieve integrated information security management system by:

  • Following good practices to protect the organization’s information assets from information security threats.
  • Aligning information security management with the organization’s strategic risk management context.
  • Setting information security objectives and establishing a direction and principles for action.
  • Data Scraping Compliance

    We’re fully aware of the requirements of laws, regulations, court judgments, personal data protection guidelines, and T&C of social media platforms about data scraping and privacy. 
We are an ethical company. All employees and associates must follow the Code of Conduct and the Code of Ethics. That’s why we 
do not scrape any data.

  • Privacy Compliance

    Our goal as a content management company is to fully comply with privacy laws, regulations, and good practices. We take care especially with GDPR, CCPA, UK Data Protection Act 2018, and COPPA. The Chief Information Officer and Data Protection Officer are constantly monitoring our compliance and security.

  • Cyber Security

    We’re using advanced security controls like WAP, NGFW, SIEM, systems, networks, infrastructure monitoring tools, DMZ, and vulnerabilities scanners. Our system uses a hardened and patched OS, applications, and DB. We review vulnerability bulletins on an ongoing basis. We also have solutions to mitigate DOS and DDoS attacks. We perform penetration tests annually.

  • Disaster Recovery & Business Continuity

    We maintain disaster recovery and business continuity plans as part of our Information Security and Privacy Management System. We have high availability infrastructure in the US and backup failover to another US region. We regularly test and refine this plan to ensure the fastest recoverability in the event of a disaster.

Data at rest and in transit security

All data at rest and in transit are encrypted. To secure transfer data, we’re using HTTPS, TLS, SSH, and VPN. All our data at rest is encrypted at the server level and the level of end devices.

Our Policies

We’re taking our legal obligations and documentation very seriously. Below you can find various policies that describe intended terms of usage of our systems.