In a world where data security and privacy are more important than ever, SaaS companies must constantly adapt to new regulations and policies to better protect customer data. At Fond, protecting our customers’ data is our highest priority, and we believe our customers have the right to know when and how we use their data.
“Customer data safety and security are integral to all aspects of how Fond operates, from our rigorous approach when designing and developing products to continuously validating our processes and practices. We continue to make significant investments in ensuring our platform is compliant with industry standards to guarantee our customer data is protected.” —Shirley Foster, Vice President of Engineering at Fond
Fond has made significant investments in complying with industry regulations and best practices to protect your data. Fond’s highly redundant infrastructure and backups are hosted in multiple AWS regions to guard against system failure and data loss, and the security measures discussed in this article apply to our mobile apps as well. You can rest easy knowing your data is secure no matter what device you use to access Fond.
Fond is a SaaS platform that integrates with HR systems such as ADP, Workday, and Namely, which contain personally identifiable information (PII). To best protect your information, Fond captures only the minimum data required for each integration and treats your PII with the utmost care.
Below is an outline of the steps Fond has taken to keep your data safe, as well as an overview of these data protection policies.
System and Organization Controls (SOC)
System and Organization Controls (SOC) reports are independent third-party examination reports that demonstrate how a company designs and operates its key controls and meets its compliance objectives. SOC 2 is the industry standard for SaaS companies, especially those working with large customers concerned with data privacy and security. Fond operates in compliance with SOC 2 to ensure your data is protected, available, and secure.
Schellman & Company, a highly reputable audit firm, has reviewed our processes and practices and attested that Fond is SOC 2 compliant. To reach SOC 2 compliance, Fond supplied over 320 documents across 75 controls to our SOC 2 auditors. These documents cover physical and digital security, privacy, data availability, software development practices, and business continuity. With Fond, our customers know their data is safe.
The General Data Protection Regulation (GDPR)
GDPR is an EU privacy regulation that took effect on May 25, 2018, governing how organizations process personal data and the rights of data subjects (the individuals that data describes). GDPR gives data subjects the right to have their data corrected, to have it erased, to obtain a copy of the data an organization holds about them, and to see how their data is used. Under GDPR, organizations must disclose what data they collect, for what purposes, and the legal basis on which they collect and process it.
Fond’s services are protected by Transport Layer Security (TLS), which protects network traffic against passive eavesdropping, active tampering, and message forgery. We have also implemented proactive security controls such as perimeter defense and network intrusion prevention systems. Additionally, our team regularly completes vulnerability assessments using both internal and external resources to confirm our systems remain secure.
Every attribute of customer data on the Fond platform is encrypted in transit (using TLS) and at rest (using AWS RDS storage encryption). Fond uses the Advanced Encryption Standard (AES) algorithm to encrypt data. Data inserts, updates, and deletions are committed to a persistent store on a MySQL database. With Fond, companies of all sizes can rest assured that we have taken every reasonable step to keep your data secure, whether your company has 10 employees or 10,000.
Interested in learning more about how Fond keeps your data safe? Download our white paper detailing all our security policies here.