Capchase Inc. is a Delaware corporation based in New York City.
Information security management
Capchase has an information security management system in place, granting the appropriate resources, visibility, and organizational commitment to maintaining and improving the security measures to protect the customers, the business, and other stakeholders.
List of information security policies
Capchase maintains the following security policies. For more information on our security policies please reach out to support@capchase.com
- Acceptable use policy
- Access control policy
- Backup and restoration policy
- Business continuity and disaster recovery policy
- Change management policy
- Corporate ethics policy
- Data integrity policy
- Data retention and disposal policy
- Incident management policy
- Information classification policy
- Information security policy
- Key management and cryptography policy
- Network security policy
- Personnel security policy
- Risk assessment policy
- Server-less security policy
- Software development policy
- Vendor management policy
- Vulnerability and penetration testing management policy
- Workstation and mobile device security policy
External Auditing
SOC II Type 2. To externally validate its information security management system, Capchase holds a SOC 2 Type II report and undergoes annual audits to ensure that Capchase continues to meet and exceed certification requirements. Read more here about what this means.
Penetration testing. Capchase undergoes periodic penetration tests, executed by an external vendor, and vulnerability scans, to detect and manage vulnerabilities in its application and infrastructure promptly.
Compliance
Privacy and Data Security. Capchase takes the privacy and security of your data seriously; Privacy and Data security are considered through all key processes, including the software development and compliance processes. Internal procedures are built and maintained in order to comply with the main privacy principles: lawfulness, fairness, and transparency; purpose limitation; data minimization; accuracy; storage limitations; integrity and confidentiality; and accountability. Please review our privacy policy here and our terms of use here.
Licenses and Regulations. A member of our team is happy to discuss which licenses Capchase holds, and why. Feel free to get in touch.
Information Security Controls
Access controls. All-access to information at Capchase is given based on the “need to know” and “least privilege” principles, enforcing, where technically available, multiple-factor authentication. Actions are logged and monitored for audit purposes.
Multi-Factor Authentication. Capchase closely monitors platform activity and takes several measures to prevent account takeover and other malicious behavior. Capchase provides customers with the option to enroll in multi-factor authentication (MFA) directly in the Capchase platform.
Confidentiality. Capchase has implemented security controls to protect data confidentiality, including data encryption (in rest and in transit, using industry-accepted standards), access controls, and monitoring. Please contact our team if you would like to execute a confidentiality agreement.
Vendor review. Capchase evaluates its critical vendors about their privacy and security practices to have a holistic risk perspective, to ensure adequate levels of protection during the service providing.
Network security. Capchase implements different security controls, like WAF, network segmentation, and monitoring to prevent, detect, and isolate any malicious traffic or activity. We also block certain countries and enforce rate limiting to prevent different network attacks.
Information security awareness and monitoring. Capchase runs periodic information security awareness training programs, including privacy content, through all employees and also maintains them up to date on any relevant news on threats or malicious campaigns thanks to active monitoring and feed from well-known agencies like the US-CERT.
Avoiding Scams
Capchase Support will never contact you to ask for your password or verification codes. Nevertheless, fraudsters may impersonate Capchase or members of your team to attempt to trick employees into sharing sensitive information. If you receive a suspicious request, please contact your Growth Advisor and support@capchase.com to report the incident.