Security at Sauce

Please find Sauce’s security information below. If you have any additional questions please contact us at security@sauce.app. For more details on internal controls and reports, please visit out Trust Center.

Overview

Protecting customer data is core to Sauce. We take privacy and security into consideration in all aspects of the platform and supporting infrastructure. Earning and keeping the trust of our users is our top priority, and we continually look for ways to expand and improve the security of Sauce as the product innovates.

Our team has taken a holistic approach to security, using ISO27001 as the framework for Sauce’s Information Security Management System (ISMS). We strive to develop a program that protects the confidentiality, integrity and availability of the data. Sauce’s program leverages a host of network and endpoint security tools to prevent unauthorised access to customer data. We have developed security policies that are updated at a minimum on an annual basis, on categories such as risk management, access control, incident response, change management and others. Employees at Sauce received training and awareness programs to ensure they understand and adhere to information security policies and practices.

We are committed to continuous monitoring and measurement of the ISMS to ensure it remains effective and aligned with ISO27001 requirements. This includes implementing regular management reviews to assess the effectiveness of the ISMS and identify opportunities for improvement. While we continue to implement and refine our ISMS, we are committed to a path of multi-certification.

Secure Architecture

At Sauce, we've designed a secure architecture to guarantee the utmost safety of our customers' data. We do reviews at least annually on our architecture to ensure our approach is consistently aligned with the latest security standards and best practices, adapting to new threats and technological advancements to maintain our commitment to data protection and privacy.

How we handle data from 3rd parties

Sauce takes data privacy and security seriously, operating under the principle of least privilege when it comes to data collection. We adhere to a strict policy of only collecting the data necessary to provide our valuable services, putting the power in your hands to choose which data types are collected (e.g. analysing feedback data). We understand that your data is your asset, and therefore, you always have the option to turn off data collection at any time, and request the deletion of your data from our platform. We value transparency, and for more detailed information on our third-party partners and their roles in data processing, we encourage you to refer to our sub-processor page.

All integrations are authenticated via OAuth 2.0.

Common integration data scopes

If you wish to understand the scopes of other integrations, please reach out to us at security@sauce.app.

Vulnerability assessments

At Sauce, we proactively embrace a rigorous approach to vulnerability assessments, ensuring our platform's security is always at the forefront. Regular evaluations are conducted by our team, identifying and addressing potential weaknesses to maintain the highest level of protection for our customers' data. We currently have implemented a range of automated monitoring including automated code review, dependency scanning and network activity monitoring.

Data-loss prevention (DLP)

In the realm of data security, Sauce's approach to Data Loss Prevention (DLP) is a pivotal aspect of our comprehensive security strategy. We have implemented an incident management process tailored for data loss incidents. This process is undergirded by a system of rolling snapshots and backups, ensuring that data integrity and accessibility are maintained even in the face of potential threats. The efficacy of our data restoration process has been rigorously tested, providing a reliable recovery mechanism.

FAQ

Who is your cloud infrastructure provider and what region is your instance located?

We use Amazon Web Services and our region is Sydney, Australia (ap-southeast-2).

Who are your sub-processors of data?

You can find a list of our sub-processors here.

Is your data encrypted?

All communication outside our cloud environment is encrypted. In addition, our databases are encrypted at rest. We keep data secure in transit and at rest. In transit, data is only accessible via TLS/SSL, and at rest, is encrypted with AES256.

Do you provide OAuth, SAML or advanced authentication controls?

Not at this time but it's on our roadmap. Please reach out to security@sauce.app for more details.

How does Sauce use AI and LLMs?

We ensure that any information input into any artificial intelligence (AI) used within Sauce’s platform is not being used to train the AI model and to otherwise handle your information in accordance with our Privacy Policy, which is available on our website.

Do you offer permissions or admin roles?

We don't offer permissions or admin roles at the moment but it's on our roadmap. Reach out to security@sauce.app for more details.

Who has control over setting up and using integrations?

Anyone on the team can set up integrations. For delivery integrations Jira and Linear, you can select specific boards for each team in Sauce.

How long do you keep my data?

We keep your data indefinitely unless you request deletion by contacting us directly. Sauce retains data as long as Sauce has a need for its use, or to meet regulatory or contractual requirements. Once data is no longer needed, it is securely disposed of or archived. Sauce in consultation with legal counsel may determine retention periods for data.

How can I access, transfer or delete my data?

How can I contact Sauce for requests relating to my data?

Please write to security@sauce.app and we'll be happy to assist you.

PreviousFeedback rules NextGDPR Commitment

Last updated 2 months ago