Your data is
safe, available, & yours.
Your data security and privacy is our priority at ProfitWell.
Trusted by over 25k companies (more than any other metrics provider).
24/7/365 around the clock monitoring of our application, software, and infrastructure.
Customer data is always backed up and uptime is over 99.99%.
Compliance & Certification
ProfitWell follows the most reputable security standards on the market, and has the accreditations and audits to prove it.
- SOC 2 Type 2
- EU-US Privacy Shield
- GDPR
- CCPA
- PCI
What’s our security methodology?
Security isn't one of those sexy topics that gets clicks, but it's ultimately one of the foundations of a successful company.
At ProfitWell, our customers trust us with more subscription financial data than any other product out there. We take that responsibility seriously, and that’s why security needs to be and has always been a priority.
To ensure that our practices are airtight, ProfitWell has invested in the proper resources and controls to protect and service our customers. Our investment utilizes a security framework using best practices in the SaaS industry with our key objectives centering on data privacy and safety, service continuity, data and service integrity, and compliance and best practices.
-
Data privacy and safety
Deliver a superior product and service while protecting the privacy and confidentiality of data.
-
Service continuity
Maintain ongoing availability of ProfitWell and data to all authorized individuals.
-
Data and service integrity
Ensure that user and customer data is never corrupted or altered inappropriately.
-
Compliance and best practices
Implement process and controls to align with current international regulatory and industry best practice guidance.
Commonly requested info
The run down on the information you need.Your data belongs to you and is rarely accessed. ProfitWell will not access your data without express permission or in the event of a security or QA issue.
Your data 100% belongs to you and is never sold in any manner. We won't delete data in your account without giving you time to export it.
ProfitWell data is encrypted in transit (advanced TLS protocols and 2,048-bit keys) and at rest (Amazon's Key Management Service (KMS).
ProfitWell products are hosted with the world’s leading data center providers. Access to these data centers is strictly controlled. These partners are SOC 2 Type 2 and ISO 27001 certified and provide N+1 redundancy to all power, network, and HVAC services.
We conduct third party network, application, and physical security tests and audits multiple times per year.
ProfitWell certified with the EU-US and Swiss-US Privacy Shield Framework, as well as SOC 2 Type 2. Our data center providers maintain ISO 27001, SOC 2, and many other certifications.
"Security is our priority at ProfitWell and that's why it needs to be an ongoing practice."
Michael Cox VP of Engineering
More information
Cloud Security
-
Data Center Physical Security
Facilities
ProfitWell hosts Service Data primarily in AWS data centers that have been certified as ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 2 compliant.
On-Site Security AWS on-site security includes a number of features such as security guards, fencing, security feeds, intrusion detection technology, and other security measures. Data Hosting Location Profitwell leverages AWS data centers in the United States. Customers can choose to locate their Service Data when needed. -
Network Security
Dedicated Security Team
Our Security Team is on call 24/7/365 to respond to security alerts and events.
Protection Our network is protected through the use of key AWS security services, ongoing audits, and network IT, which monitor and/or block known malicious traffic and attacks. Network Firewall Protection ProfitWell prevents network attacks with monitoring and protections including tightly controlled network-level firewalling. Third-Party Penetration Tests In addition to our extensive internal scanning and testing program, we conduct third party tests and audits multiple times per year. -
Encryption
Encryption in Transit
Data sessions are always protected with advanced TLS protocols and 2,048-bit keys.
Encryption at RestAll databases are encrypted at rest using Amazon's Key Management Service (KMS). The same encryption applies to the disks used for our production application servers as well.
Application and HR Security
-
Secure Development (SDLC)
Secure Code Training
Engineers participate in regular secure code training covering OWASP Top 10 security risks, common attack vectors, and ProfitWell security controls.
Separate Environments We separate testing and staging environments from the production environment. No service data is used in our development or test environments. -
Vulnerability Management
Third Party Penetration Testing
We conduct third party tests and audits multiple times per year.
-
Security Awareness
Policies
ProfitWell has created a comprehensive set of security policies. These policies are shared with and made available to all employees and contractors with access to ProfitWell.
Training All employees attend a security awareness training, which is given upon hire and annually on a recurring basis. All engineers receive annual secure code training. The security team provides additional security awareness updates via internal messaging, email, and in presentations during internal events. -
Employee Vetting
Background Checks
ProfitWell performs criminal background checks on all new employees in accordance with local laws. These checks are also required to be completed for contractors. Cleaning crews are included.
Confidentiality Agreements All new hires are required to sign non-disclosure and confidentiality agreements.
