As a security company, the security and integrity of our systems is paramount. We accept the responsibility of safeguarding data that our customers’, employees’, and partners’ have entrusted to us.

A key part of our security program is responsible disclosure. We encourage and greatly appreciate security researchers to contact us to report any potential vulnerabilities found in our products or other digital assets.

For more information, check our Responsible Disclosure Policy.

We collect several different types of information for various purposes. The information we collect depends on your interactions with us, the Products you use, your location, the privacy settings you choose and applicable law.

Personal information you provide and PII we collect:

1. When You Visit Our Site
2. When You Use Our Products

For more details, please check our privacy policy.

Data encryption and security are critical components of data privacy, protecting sensitive information from unauthorized access and breaches. Data encryption involves converting plaintext data into coded form, using methods like symmetric (e.g., AES) and asymmetric encryption (e.g., RSA), to ensure only authorized parties can decrypt and access the information. Data security encompasses broader measures, including access control, network security, and physical security, to protect data throughout its lifecycle. Best practices include using strong encryption algorithms, regularly updating systems, implementing multi-factor authentication, and conducting regular security audits. These measures not only protect sensitive data but also ensure compliance with regulations like GDPR and maintain the trust of customers and stakeholders.

Personnel perform security and privacy awareness training on an annual basis. Topics covered include: Passwords, Mobile devices, Social Engineering, Physical security, Phishing, GDPR and CCPA.

In the event of a data breach involving customer data, notifications will be sent in accordance with the terms of the MSA.

Necessary, performance, and targeting cookies may be used to support our services. Our Cookie Policy for details on our use of cookies.

A high level network diagram is available in our SOC 2 report.

We have a strong internal password policy that includes a requirement for MFA for accounts that do not support SSO. Passwords are required to meet industry-leading complexity requirements and are stored in a company managed password manager.

Our product is subject to constant monitoring for any anomalous activity. Logs are stored and reviewed.

Access is restricted by stringent access control measures monitored and updated according to industry best practices on a regular basis. Access to internal systems is adherent to the principles of least privilege and separation of duties, subject to regular review by administrators, documented with clear rationales for provisioning and changes, and revoked according to strict termination policies.

Cequence Defense and Intelligence Team actively monitors the environment for known attacker tactics, techniques, and procedures (TTPs), as well as known malicious binaries and other suspicious activities. These regular activities are complemented by periodic reviews and investigations into anomalous activities to discover unknown threats occurring on a regular cadence.

Cequence centrally manages and secures all employee endpoints through a Mobile Device Management (MDM) solution. This systematic management allows us to enforce security policies, distribute software and updates, and monitor endpoint integrity.

All employee endpoints are protected with an advanced EDR solution. Endpoint security signals are monitored regularly for anomalous activity.

To enhance endpoint security, Cequence implements DNS filtering mechanisms that block access to malicious web traffic. This preventive measure is complemented by regular monitoring.

To protect the confidentiality and integrity of information stored on all employee endpoints, Cequence mandates full-disk encryption. Additionally, we continuously monitor endpoint security signals to promptly identify and investigate any anomalous activity.

Cequence's Sensitive Data Masking feature helps organizations protect personally identifiable information (PII), financial details, and other confidential data in HTTP request and response payloads by identifying and securely masking sensitive information. Using NIST-compliant Format-Preserving Encryption (SP 800-38G), it ensures that masked data retains its original structure while allowing for customizable configurations tailored to specific hosts, paths, and methods. Seamlessly integrated into Cequence Unified Application Protection (UAP) SaaS, this feature enhances data security, ensures regulatory compliance (GDPR, CCPA), and minimizes operational impact, empowering organizations to safeguard sensitive data while maintaining customer trust.

Both Single Sign On and domain verification functionality enable stringent access controls for select Cequence's products. Cequence products also support SAML.

Both role based and user based access controls are available for the Cequence product.

Additional details can be found in our product documentation.

Users can bolster their account security across the Cequence product, API and Labs services by configuring Multi-Factor Authentication through an SSO Provider.

Cequence is committed to building trust in our organization and platform by protecting our customer data, models, and products. Various policies and procedures are in place.

Our Information Security Policy defines the roles and responsibilities for all employees.

Cequence security requires all employees to adhere to an annually updated Acceptable Use Policy. This policy is crafted to prevent unauthorized disclosure, modification, removal, or destruction of information stored across our media platforms.