Security

Overview

It's the job of everyone at Socratic to keep your work safe at every layer. Learn here about the steps we take to protect your data, from encryption to access controls. We prioritize your data's security so you can focus on what matters most—your business.

Encryption

  • Data ingress: Socratic supports encryption via HTTPS for all data being sent to Socratic systems, and strongly encourages all customers to only send data via HTTPS.

  • Data egress: All Socratic APIs support sending data via HTTPS. Socratic dashboards only support HTTPS.

  • Encryption at rest: Where feasible, sensitive data is stored under encryption.

Physical protection

All Socratic servers are hosted on Amazon Web Services, which in turn employs industry standard protections. More information from AWS can be found here.

Access

  • Permissioning: We restrict access to all Socratic servers to only those employees with a need to access them. All servers employ role-based permissioning.

  • Firewall: All servers are protected via VPN. Socratic's VPN employs role-based permissioning.

Monitoring

Socratic employs several systems for monitoring and detecting potential threats. These systems are evaluated on an annual basis, at minimum, to ensure accuracy and completeness.

Privacy by design

All major new projects undergo Privacy Impact Assessments to determine any impacts of work on privacy, and appropriate steps for risk remediation.

Logs

  • Permissions: Logs of all permissions changes are retained for at least 90 days.

  • Data requests: Logs for all API- and UI-based requests for data are retained for at least 30 days.

Certifications

Socratic has completed SOC 2 Type II certification. For a copy of the report, please email hello@socraticworks.com. For our Data Processing Agreement (DPA), please see: https://www.socraticworks.com/terms#dpa.

Report a vulnerability

If you believe you’ve discovered a potential vulnerability, please let us know by emailing us at security@socraticworks.com.

Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within 15 business days of disclosure.

Make a good faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Socratic service. Please only interact with accounts you own or for which you have explicit permission from the account holder. While researching, please refrain from:

  • Distributed Denial of Service (DDoS);

  • Spamming;

  • Social engineering or phishing of Socratic employees or contractors;

  • Any attacks against Socratic’s physical property or data centers.

Thank you for helping to keep Socratic and our users safe!
