Security Overview

How does Strety protect customer data?

At Strety, security is a top priority. Our platform is hosted on Heroku (AWS-backed), which provides a secure and compliant infrastructure. We use encryption, strict access controls, and regular security reviews to safeguard customer data. We also have a very small team, which helps keep security controls and access maintainable. We use a third-party MSSP to validate our security, and we do not outsource development work.

Is customer data encrypted?

Yes. All data is encrypted:

  • In transit using TLS 1.2+
  • At rest using AES-256 encryption

This ensures that your sensitive information remains secure.

How often are security policies reviewed?

Strety has a list of security policies that we review semi-annually to align with best practices and evolving threats.

Does Strety comply with industry security standards?

Yes. We follow security best practices aligned with SOC 2, GDPR, and other industry standards. Strety leverages Heroku’s SOC 2 Type II, ISO 27001, and PCI DSS Level 1 compliance while implementing additional security measures. 

We are not SOC 2 compliant ourselves, but we are looking into this in 2025.

How does Strety ensure application security?

We follow secure software development lifecycle (SDLC) best practices, including:

✔ Regular vulnerability scanning & penetration testing
✔ Secure code reviews & static analysis
✔ Role-based access controls (RBAC) for internal systems
✔ Logging & monitoring for suspicious activity

Where is customer data stored?

Customer data is stored in U.S.-based data centers, hosted on Heroku’s AWS-backed infrastructure, ensuring high security and redundancy.

Who has access to my data?

Only authorized Strety employees with a legitimate business need can access customer data. Access is strictly controlled, logged, and monitored. 

How does Strety handle security incidents?

Strety has an Incident Response Plan in place to rapidly detect, contain, and remediate security incidents. Affected customers will be notified promptly in compliance with applicable regulations.

Does Strety support Single Sign-On (SSO) and Multi-Factor Authentication (MFA)?

SSO is available through Microsoft and Google. Two-Factor Authentication (2FA) is available for username and password logins.

Can I request a Data Processing Agreement (DPA)?

Yes. If you require a Data Processing Agreement (DPA) for GDPR or other compliance needs, please contact our support team.

How does Strety handle backups and disaster recovery?

✔ Daily automated backups stored securely with encryption
✔ Disaster recovery plan to minimize downtime in case of an incident
✔ High availability architecture to ensure business continuity

Can I delete my data if I stop using Strety?

Yes. Upon request, we will permanently delete your data in accordance with our data retention policy. Please refer to our Privacy Policy for details.

How can I report a security issue?

If you believe you’ve discovered a vulnerability, please email us at security@strety.com. We take security concerns seriously and appreciate responsible disclosure.

Does Strety perform penetration testing?

Yes. Strety conducts regular third-party penetration testing to identify and mitigate security risks.

Does Strety share data with third parties?

We share user email data with third parties as part of our normal course of business:

  • HubSpot – CRM
  • Intercom – support
  • Mailgun – sending emails from the system

Does Strety have a disaster recovery plan?

Yes, Strety has a comprehensive Disaster Recovery Process to ensure business continuity and minimize downtime in the event of a system failure, cyber incident, or natural disaster.

Our disaster recovery strategy includes:
✔ Automated daily backups of customer data, stored securely with encryption
✔ High availability architecture to reduce the risk of service interruptions
✔ Redundant infrastructure hosted on Heroku (AWS-backed) data centers
✔ Incident response and recovery procedures to restore services as quickly as possible
✔ Regular testing and review of our disaster recovery plan to improve resilience

In the unlikely event of an incident, we follow a structured recovery process to restore services efficiently while maintaining security and compliance standards.

For more details, you can refer to our Privacy Policy or contact our support team.

Does Strety fill out security questionnaires?

Yes, though this page is meant to answer the bulk of the questions on those questionnaires.

For more information on data privacy, visit our Privacy Policy.