Skip to main content

Security

Your data is safe with us

Security Illustration Security Illustration

SOC 2 Compliance

This ensures that from June 2021, Tagger is SOC 2 Type II "certified". SOC 2 compliance demonstrates that Tagger securely manages your data to protect the interests of your organization and the privacy of its clients according to five trust service principles: security, availability, processing integrity, confidentiality, and privacy.

SOC 2 Compliance

This ensures that from June 2021, Tagger is SOC 2 Type II "certified". SOC 2 compliance demonstrates that Tagger securely manages your data to protect the interests of your organization and the privacy of its clients according to five trust service principles: security, availability, processing integrity, confidentiality, and privacy. You can request your copy of our SOC 2 report by emailing us: privacy@taggermedia.com Service and Organization Controls 2 (SOC 2) assesses procedures and control processes in an IT organization and an international standard for collecting and exchanging information. This standard was established on behalf of the American Institute of Certified Public Accountants (AICPA). It defines data management criteria across five key areas: security (physical and logical), availability, processing integrity, confidentiality, privacy.
SOC 2 Compliance Illustration

Physical and environmental security

Tagger using highly secure Equinix Metal infrastructure and facilities. Equinix Metal cloud computing services are compliant with multiple security and privacy standards, e.g. ISO 27001, ISO 22301, NIST 800-53, SOC 2 Type II and PCI DSS. Equinix uses advanced security equipment, techniques, and procedures to control and monitor access data centers. Typical security controls are security checkpoints that include 24/7 manned security stations, mantraps, and biometric readers.

AICPA SOC Badge, ISO 27001 Badge, PCI DSS Compliant, ISO 22301 Badge, Nist Security Badge

The power systems include full UPS systems with N+1 redundancy levels or greater and backup generator systems in the event of a local utility failure. In case of a power outage, batteries turn on immediately, followed by the generators, which can power the entire data center. To keep equipment operating, each data center houses a multicomponent temperature control system running 24/7.

Information Security

We strive to achieve integrated information security management system by:

  • Following good practices to protect the organization’s information assets from information security threats.
  • Aligning information security management with the organization’s strategic risk management context.
  • Setting information security objectives and establishing a direction and principles for action.

Information Security

We strive to achieve integrated information security management system by:

  • Following good practices to protect the organization’s information assets from information security threats.
  • Aligning information security management with the organization’s strategic risk management context.
  • Setting information security objectives and establishing a direction and principles for action.
  • Establishing criteria for risk evaluation and risk acceptance.
  • Controlling access to information assets based on business and security requirements.
  • Protecting information in transit.
  • Putting safeguards in information sharing.
  • Implementing a clear desk and a clear screen policy.
  • Implementing appropriate security measures in mobile computing and communications.
  • Using appropriate cryptographic controls for the protection of information.
  • Ensuring proper use, protection, and a lifetime of cryptographic keys through their lifecycle.
  • Establishing rules for the development of software and systems and applying these rules to developments within the organization.
  • Ensuring protection of the organization’s assets that are accessible by suppliers.
  • Prohibiting the use of unauthorized software and complying with laws on intellectual property rights.
  • Protecting organizational data and safeguarding privacy.
  • Taking back-up copies and testing them regularly.
  • Retaining records for a sufficient period before disposing of them carefully.
  • Building security culture based on awareness, trust and Just Culture.
  • Complying with applicable laws, regulations, and requirements related to information security, including the requirements of the ISO 27001 standard, The 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (TSC).
  • Reviewing and auditing the effectiveness of ISMS at regular basis.
  • Continually improving our ISMS.
No data illustration

Data scraping compliance

We’re fully aware of the requirements of laws, regulations, court judgments, personal data protection guidelines, and T&C of social media platforms about data scraping and privacy. We are an ethical company. All employees and associates must follow the Code of Conduct and the Code of Ethics. That’s why we do not scrape any data.

Privacy Compliance illustration

Privacy compliance

Our goal as a content management company is to fully comply with privacy laws, regulations, and good practices. We take care especially with GDPR, CCPA, UK Data Protection Act 2018, and COPPA. The Chief Information Officer and Data Protection Officer are constantly monitoring our compliance and security.

Cyber Security illustration

Cyber Security

We’re using advanced security controls like WAP, NGFW, SIEM, systems, networks, infrastructure monitoring tools, DMZ, and vulnerabilities scanners. Our system uses a hardened and patched OS, applications, and DB. We review vulnerability bulletins on an ongoing basis. We also have solutions to mitigate DOS and DDoS attacks. We perform penetration tests annually.

Disaster Recovery and Business Continuity illustration

Disaster Recovery and Business Continuity

We maintain disaster recovery and business continuity plans as part of our Information Security and Privacy Management System. We have high availability infrastructure in the US and backup failover to another US region. We regularly test and refine this plan to ensure the fastest recoverability in the event of a disaster.

Data at rest and in transit security

All data at rest and in transit are encrypted. To secure transfer data, we’re using HTTPS, TLS, SSH, and VPN. All our data at rest is encrypted at the server level and the level of end devices.

Data at rest and in transit security Illustration

Our Policies

We’re taking our legal obligations and documentation very seriously. Below you can find various policies that describe intended terms of usage of our systems.

Report a vulnerability

We encourage you to report any vulnerabilities in our service directly, using the form below.
Our security team will analyze it, fix it, and we’ll send you feedback.

--- ---