As trusted by highly-regulated industries such as financial services, insurance companies and the medtech industry around the world, we strive to continuously meet and exceed the security standards and regulations on data and personal security that is expected by our customers. Here is how we work to protect your data and secure our systems.
Your privacy and keeping your data safe is crucial to us. Therefore, we are continuously working on maintaining and improving our security culture to ensure that everyone in our organisation is working with your data security in mind.
Custellence continuously monitors and keeps up to date with the latest legal frameworks and technical requirements on data security and privacy to ensure full compliance with privacy laws such as GDPR.
You can trust that all data we manage is encrypted in transit and at rest, that passwords are hashed and salted, and accounts are verified. We employ secure coding practices, code reviews, automated security testing and more. Our employees and contractors have signed contracts including a confidentiality clause and receive security training at the start of employment and continuously as needed.
As a proof of our commitment to maintaining the highest information security and operational excellence, we have completed a SOC 2 Type II audit. Being certified indicates that Custellence's systems and controls have been rigorously evaluated and meet the stringent requirements set by the American Institute of CPAs (AICPA). The detailed SOC 2 Type II report is available upon request for customers seeking to verify the company's compliance.
We do not host data centers ourselves, instead we have carefully selected industry-leading vendors that hold the toughest certifications to keep your data safe. They are all certified with SOC 2 and ISO27001 for processing and storage of data. All our third party vendors also use data centers with these certifications.
We use Stripe for all online* payments, which means we do not store any payment information ourselves. Stripe is one of the world’s largest online payment services and holds PCI DSS Level 1 certification, which is the highest level to be achieved in this area. *For our Enterprise plans, we offer invoice.
In Custellence you can manage both members and guests. You can change their role to restrict what they can do in the workspace and manage all users that are not in your workspace but have access to any maps in the workspace.
If you have many maps and would like to be able to set different access rights for your team members, our paid plans offer advanced sharing options. For example editing rights for selected members, and view-only for others. You can also set other advanced sharing options, such as passcode protected link and domain sharing.
Keep track of the activity in your workspace. You can easily see who has done what in your workspace and on journey maps. To get notified of changes in specific maps, just choose “follow” and you’ll get notified regularly on the activity.
For our Professional customers we offer Single Sign-on (SSO) using Microsoft Entra with OpenID and Service Level Agreement (SLA). If your organization uses other SSO solutions than Azure, or has any specific additional security requirements, we are also able to customize your Enterprise plan.
Below you find links to all the information you and your team need to understand the details. You can always reach out to security@custellence.com or your contact at Custellence to ask any questions or send a request for the details in a neat package to give to your team for review.
How we offer enterprise-grade security.
How we protect your data and help you meet global privacy obligations.
How we use cookies and other tracking technologies
How to perform pen-tests and report security issues to us.
Read about the third-parties that process our customer data.