How Spinify Handles Security

Integrated data apps mean you just need to confirm access. Spinify then handles all the syncing, and leaderboards can be up and running in minutes.

Our Security Objectives

The Spinify security framework has implemented SaaS industry best practices to support our objectives:

1. Information and Data Integrity. Throughout data transfer and at rest in our system, we ensure that customer information is always secure. 

2. Continuous Defense. Maintain availability of our services by minimizing any security risks through continuous testing and risk assessments.

3. Alignment with Standards and Best Practices. Our team uses security practices that follow industry guidelines for cloud security.

SOC 2 Type 2 Compliance

Spinify has achieved SOC 2 Type 2 compliance to show our commitment to security. We use an independent third-party auditor to evaluate and certify that our policies, infrastructure and product comply with these stringent standards to ensure the security of your data.


Spinify + Your Data

Spinify connects to various integrations to collect rep activities and outcomes to create engagement and drive rep performance. The data required to do this depends on the specific integration and the KPIs and Targets you choose; this information can be quite minimal and requires no end-user personal data.

Your organization is in control of what data is connected to Spinify at all times.

To protect data that enters our system, our API / system is scanned with multiple tools, such as OWASP tools and Qualys security scans. Our application also goes through rigorous internal manual and automated testing before release, to ensure the integrity and security of the data is maintained.

Lastly, Spinify employee access to your data is provided as necessary for customer support. 

Security of Data

At rest, all data lives within our Amazon Web Services (AWS) infrastructure located in US-WEST data centers.

During transit, all data is encrypted through the use of our SSL certificates issued by Go Daddy.

All data is encrypted at rest utilizing Advanced Encryption Standard (“AES”) 256 encrypted disks.

Removable storage or hard copies (such as printed records) are not used and are strictly prohibited by our Security Policies. 

Disaster Recovery

Spinify continuously backs up data, which is stored encrypted within our Amazon Web Services environment. We maintain well-documented disaster recovery and incident response plans to ensure we can recover from incidents in a timely manner.

Spinify Data Center & Infrastructure Security

Spinify is a 100% cloud-based SaaS platform hosted in AWS in the USA. We do not host or operate any physical servers, load balancers, routers or DNS servers. All of our servers hosted in AWS run in our own virtual private cloud, with network access control lists that prevent unauthorized requests from reaching our internal network.

Amazon AWS provides regulatory and compliance assurances, including ISO 27001 and SOC 13. Amazon can provide further detailed information surrounding Amazon’s compliance and security documents.

Our customer data is logically separated when stored within the system. We maintain strict privacy controls in our code to ensure data privacy and prevent cross-customer data access / contamination. All the data in our systems is tagged by organization / account, and each request to our system requires this account context, which is strictly enforced by client-side JSON web tokens. Any attempt to tamper with an open session will result in immediate log-out and the rejection of all requests.

Application & Software Security

The security of our solution is a critical part of our development process. The processes we built and follow emulate OWASP standards. Spinify utilizes separate development and pre-production staging environments, manual code reviews, QA testing, and automated code analysis in order to verify changes prior to deployment into our production environment.

Spinify has a continuous deployment model so we and our customers can get immediate access to our bug fixes, improvements and upgrades. Our apps then automatically pick up changes, so no restarts or interaction by our users is necessary to benefit from these changes. Furthermore, this development process enables prioritization of critical updates and vulnerability remediation as required.

Single sign-on (SSO) allows you to authenticate users without requiring Spinify login credentials. SSO is available through Salesforce and Microsoft. 

Questions?

If you have further questions regarding our security practices, reach out to us for assistance.
