Security & Compliance

Max-Antoine
Max-Antoine
  • Updated

Compliance

 

SOC 2 Type 2

Wave Connect has a SOC 2 Type 2 attestation for Security, Confidentiality, and Availability. More information is available here. To receive a copy of the report please Contact Support.

 

GDPR

The EU General Data Protection Regulation (GDPR) is a comprehensive data protection law that governs the use, sharing, transfer, and processing of personal data within the EU. For personal data in the UK, the provisions of the EU GDPR have been incorporated into UK law as the UK GDPR.

Wave Connect supports GDPR compliance. For more information on how Wave Connect protects your personal data, and the data of your customers, refer to our Privacy Policy and Data Processing Addendum.

For requests for access, correction, and/or deletion regarding your personal data, you can simply create a new request using our contact form Contact Form

CSA Star Level 1

The Security, Trust, Assurance, and Risk (STAR) Registry is a publicly accessible registry that documents the security and privacy controls provided by popular cloud computing offerings.

Our assessment is available on the CSA Website

 

Infrastructure

How is my data process

We do not sell the Personal Information that you provide us to any third-party. We do work vendors to provide our services. All sub-processor are available in our DPA. You can learn more on how your data is processed in our Privacy Policy

Data Encryption

Data is encrypted at rest on the underlying storage media. Communications to the Wave Connect application are encrypted using HTTPS/TLS 1.3. Certificates are issued by established third-party certificate authorities.

Data Backup

Wave Connect backs-up customer data daily and each backup is persisted for 30 days. These backups are not available to customers and are created for use in case of disaster.

Penetration testing and Audit scans

Wave Connect conducts regular penetration testing through third-party penetration testers, and has daily code reviews and static analysis checks.

Data location

We primarily use Google Cloud Platform as our cloud provider. All data is stored in the United States. For more details about our sub-processors, please refer to our Data Processing Agreement (DPA).