HUMAN takes commercially reasonable and appropriate measures to protect information against unauthorized access, alteration, disclosure or destruction of data. HUMAN regularly consults with experts and legal counsel to ensure we understand and comply with our compliance obligations and the latest regulations.
Yes. HUMAN Security's internal standards meet or exceed GDPR requirements as they relate to general data security.
Beyond information that is securely kept for billing purposes, and user passwords to allow access to the management console, HUMAN stores the following customer data:
In addition, Account Defender and Credential Intelligence may store user identifiers.
Upon request, stored customer data is deleted or rendered unattributable after the services agreement is terminated.
HUMAN Security follows the 7 principles of Privacy by Design in our service offerings.
Yes. The HUMAN Code of Conduct strives to foster inclusive, collaborative and safe working conditions for all HUMAN Workforce. As such, HUMAN is committed to providing a friendly, safe and welcoming environment for all Workforce, regardless of gender, sexual orientation, ability, ethnicity, socioeconomic status, and religion (or lack thereof).
Yes, HUMAN maintains insurance to cover numerous types of risk including commercial general liability.
HUMAN is certified to be SOC 2 Type 2 and ISO 27001 compliant. HUMAN’s SOC 3 report is available here. HUMAN is also compliant with PCI standards.
Any customer data stored by HUMAN is stored in accordance with its Data Retention Policy and is located in data centers secured by AWS, GCP and Equinix. These servers are housed separately from HUMAN’s corporate offices and are not interconnected.
Yes. We can provide a self-attestation form. Contact your sales or customer success team for more information.
Our systems technically do not collect or store payment information; we are not a payment processor. Under the PCI DSS framework, since HUMAN Security is not a payment processor, it is not permissible for PCI participants to send us payment card information.
HUMAN implements a multi-layered approach to protecting customer information, including, but not limited to, technical safeguards, dedicated staff and cryptographic methods. HUMAN has a dedicated product security team that is responsible for identifying potential vulnerabilities and assists engineering with shipping secure code.
HUMAN’s information security program includes measures such as:
HUMAN uses subprocessors, including cloud providers and service providers, to conduct our business. We maintain written data privacy agreements with our subprocessors and require and review SOC 2 compliance attestation reports annually.
The Chief Information Security Officer, Gavin Reid, is responsible for cyber-security at HUMAN. Gavin reports to the CEO, and maintains a dedicated Information Security team as well as a cross-functional Security Committee comprising the Information Security team along with executives from other functional areas.
HUMAN supports SAML integration (e.g., Okta, AzureAD, or other) on our customer interfaces.
Customers may implement MFA by integrating an SSO provider that provides MFA. Internally, we implement MFA for privileged access as well as many core internal systems, such as email.
Certain assets, such as data collectors, may use dedicated infrastructure; however, overall we do not currently offer dedicated infrastructure for our customers. Data isolation is provided logically.