What security measures does The.com take?
General Information
What services are provided to Company?
Pletta is the first website automation platform designed to produce personalized web content at scale. Pletta combines the power of web development, AI content, and page deployment in one simple, scalable web solution. With Pletta, you can say goodbye to generic content and to waiting for your dev team, all while converting an average of XX% of visitors and publishing pages 8x faster. Join the 250,000+ pages that have already launched with Pletta and are doing growth differently.
Does your company display a privacy notice on the homepage of your website?
Yes
Do you have click-through terms, or require a service agreement?
Yes
Is your primary headquarters in the US?
Yes
Governance, Risk, and Compliance
Is your information security program reviewed at least annually or whenever there is a material change in your business practices that may reasonably affect the security or integrity of Company Data?
Yes
Do you leverage a risk assessment framework to identify and assess internal and external risks to the confidentiality, integrity, and availability of electronic, paper, and other records containing Company Data?
No
List industry standards or applicable laws and regulations (e.g., SOX, PCI, HIPAA, GDPR, etc.) that your company is required to comply with
N/A (Third party card processor is PCI compliant)
Has your company in the last two years undertaken a SOC 1 or 2 (Type I or II) attestation or ISO certification, or similar independent audit of your information security program? Provide details and the applicable report.
No
If you process cardholder data and it is applicable to this service relationship with Company, are you PCI Compliant (or equivalent, depending on jurisdiction)?
N/A
If you process PII for non-US individuals and it is applicable to this service relationship with Company, are you compliant with respect to relevant privacy laws (e.g., GDPR, PIPEDA)?
N/A
Are there policies (e.g., Information Security, Physical Security, Data Classification, Incident Response, Acceptable Use, Network Security (incl. Wireless and Remote Access), Privacy, Change Management, Access Control, Asset Management) that are approved by management, distributed to appropriate staff, and reviewed/updated annually?
No
Third Party Management
Do you have a third party risk management process?
No
How often are your vendors and service providers [re]assessed?
Annually
Will any Company Data be processed, stored, or accessed by your company (or your service providers) outside of the US? If so, please list countries.
No
Is any data sent or processed outside of your infrastructure, with another party?
Yes
Please list third-parties and sub processors who will provide direct or indirect support for the services defined with Company.
Cloudflare, Firebase, Chargebee, Sentry, Mixpanel
How do you ensure that Company Data accessed by third-parties and sub processors is secure?
Pletta evaluates vendors to ensure they are compliant where appropriate
Human Resources
Are background checks performed before system access is granted?
No
Is the signing of a Code of Ethics, and/or non-disclosure agreement, and/or confidentiality agreement, and/or acceptable use agreement required before system access is granted?
Yes
Are all employees required to acknowledge security policies?
Yes
Are all employees required to complete information security awareness training during the onboarding process?
No
Is there a documented offboarding process that involves the removal of account access within 24 hours and retrieval of company assets?
Yes
How do you sanction users who do not comply with your company policies or mishandle customer or sensitive data?
We have processes to block access when not compliant
Physical Security
Are there any data closets with networking equipment onsite in your offices?
No
Are all visitors required to sign in with a government-issued ID before access is allowed to your office or sensitive areas?
N/A - There is no physical office
Are visitors to physical sites escorted at all times?
N/A - There is no physical office
Is physical access to systems that contain sensitive information restricted to only approved personnel and logged?
N/A - There is no physical office
Do you conduct active monitoring (e.g., Smoke/Fire, Video/CCTV) of the location where sensitive information is kept?
N/A - There is no physical office
If your primary data processing takes place by a cloud provider (AWS, Azure, Google Cloud) have you reviewed their security documentation (where you rely upon their controls)?
Yes
Identity & Access Management
Is role-based access to all systems and data implemented?
Yes
Are the principles of least privilege enforced?
Yes
Are unique IDs for all individuals and systems required?
Yes
Are user accounts and access rights to all systems and data periodically reviewed?
Yes
Are password management controls implemented according to industry-accepted practices?
Yes
Is multi-factor authentication required for remote access and deployed for all systems where possible?
Yes
Is access revoked from systems with Company Data when access is no longer needed?
Yes
Vendor Contact Email
team@pletta.com