How Spinify Handles Security

Integrated data apps mean you just need to confirm access. Spinify then handles all the syncing and leaderboards can be up and running in minutes.

Looking for something specific? Here are some reference pages:

Our Security Objectives

The Spinify security framework has implemented SaaS industry best practices to support our objectives:

1. Information and Data Integrity. Throughout data transfer and at rest in our system, we ensure that customer information is always secure.

2. Continuous Defense. Maintain availability of our services by minimizing any security risks through continuous testing and risk assessments.

3. Alignment with Standards and Best Practices. Our team use security practices follow industry guidelines for cloud security.

Spinify + Your Data

Spinify connects to various integration to collect rep activities and outcomes to create engagement and drive rep performance. The data required to do this depends on the specific integration and the KPIs and Targets you choose, this information can be quite minimal and requires no end-user personal data.

Your organization is in control of what data is connected to Spinify at all times.

To protect data that enters our system, our API / system is scanned with multiple tools, such as OWASP tools and Qualys security scans. Our application also goes through a rigorous amount of internal manual and automated testing before release, to ensure the integrity and security of the data is kept.

Lastly, Spinify employee access to your data is provided as necessary for customer support.

Security of Data

At rest, all data lives within our Amazon Web Services (AWS) infrastructure located in US-WEST data centers.

During transit, all data is encrypted through the use of our SSL certificates issued by Go Daddy.

Removable storage or hard copies (such as printed records) are not used and are strictly prohibited by our Security Policies.

Spinify Infrastructure

Spinify is a SaaS platform that is 100% cloud-based that is hosted in AWS. We do not host or operate any physical servers, load balancers, routers or DNS servers. All of our servers hosted in AWS are done through our own virtual private cloud with network access control lists that prevent unauthorized requests from reaching our internal network.

Our customer data is logically separated when stored within the system. We maintain strict privacy controls in our code to ensure data privacy and prevention of cross-customer data access / contamination. All the data in our systems are tagged by organization / account and each request to our system requires this account context and is strictly enforced by client-side JSON web tokens. Any attempt to tamper an open session will result in immediate log-out and the rejection of all requests.

Software

The Security of our solution is a very critical part of our solution development. The processes we built and follow emulate OWASP standards. Spinify utilizes separated development and pre-production staging environments, manual code reviews, QA testing, and automated code analysis in order to verify changes prior to deployment into our production environment.

Spinify has a continuous deployment model so we and our customers can get immediate access to our bug fixes, improvements and upgrades. Our apps, then automatically pick up changes so no restarts or interaction by our users is necessary to benefit from these changes. Furthermore, this development process enables prioritization of critical updates and vulnerability remediation as required.

Questions?

If you have further questions regarding our security practices, please reach out to us at support@spinify.com and we can then provide additional information to your questions about the security of your data.