Sherpa | Trust Center

Sherpa Trust Center

Documentation of our compliance against global standards including certifications, attestations, and audit reports.

Resources

SOC 2 Type 2 Report

Independent audit of our security controls and operational effectiveness.

PCI DSS 4.0

Payment Card Industry Data Security Standard compliance documentation. Ensures secure handling of cardholder data and adherence to payment processing requirements from 3rd party payment providers we use.

Cybersecurity Insurance

Coverage details and policy information for our insurance, including cyber liability protection.

Penetration Testing Report

Third-party security assessment results from our latest penetration testing. Identifies vulnerabilities and documents remediation actions taken.

Privacy Policy

Our commitment to data protection and privacy practices. Details how we collect, use, and safeguard personal information in compliance with applicable regulations.

System Status Page

Real-time operational status and historical uptime data for our services. Includes scheduled maintenance windows and incident notifications.

Terms and conditions

Legal agreement governing the use of our services. Outlines user responsibilities, service limitations, and dispute resolution procedures.

Acceptable use policy

Access control and termination policy

Business continuity and disaster recovery plan

View all

FAQs

Yes, we conduct one or more annual third-party audits to validate our security controls and compliance posture.

Yes, we maintain a formal MDM program to manage and secure mobile devices accessing our systems and data.

Yes, we perform annual third-party penetration testing to identify and remediate security vulnerabilities.

Yes, we maintain a comprehensive disaster recovery plan to ensure business continuity in the event of system failures or disasters.

Yes, our subprocessors list is available and regularly updated.

Yes, we maintain cyber insurance coverage to protect against cyber incidents and data breaches.

Yes, we have processes in place to delete customer data upon request in accordance with our data retention policies and applicable regulations.

Yes, we use a centralized IAM solution with SSO capabilities to manage employee access to our systems.

Yes, we maintain a comprehensive privacy policy that outlines our data handling practices.

Subprocessors

Okta Inc. (Okta Workforce Identity & Auth0)

Used for secure identity and access management across our organization, and external identity and access management across our services.

Data location: United States

Monitoring

Continuously monitored by Secureframe

View all

Resources

SOC 2 Type 2 Report

PCI DSS 4.0

Cybersecurity Insurance

Penetration Testing Report

Privacy Policy

System Status Page

Terms and conditions

Acceptable use policy

Access control and termination policy

Business continuity and disaster recovery plan

FAQs

Subprocessors

Okta Inc. (Okta Workforce Identity & Auth0)

Monitoring

Change Management

Availability

Organizational Management

Confidentiality

Vulnerability Management

Incident Response

Risk Assessment

Network Security

Access Security

Physical Security

Compliance

GDPR

SOC 2 Type 2

PCI

Trusted by

Monitoring

Change Management

Availability

Organizational Management

Confidentiality

Vulnerability Management

Incident Response

Risk Assessment

Network Security

Access Security

Physical Security

Communications