We understand that pricing is one of the most crucial elements of your business, and handing pricing information to a partner like Corrily requires utmost trust in our security, data privacy and compliance procedures.
At Corrily, we take data integrity and security very seriously. Due to the nature of the product and service we provide, it is important that we acknowledge our responsibilities both as data controller as well as a data processor. We store and process your data and that of your customers with care and help you be compliant so that you can continue to build trust while enhancing customer experiences.
Our infrastructure, processes and systems are reliable, robust and are being third-party tested. We continuously look for opportunities to make improvements and give you a highly secure, and scalable experimentation and price management platform. Here are some of the concrete actions we have taken:
- Our infrastructure, software applications, policies are being continuously monitored using Vanta. This allows us to detect and address any discrepancies pro-actively.
- We secure your customers’ pricing information by staying compliant with GDPR.
- We adhere to strict ISO and SOC 2 standards to ensure security of your data that rests with Corrily.
- We force HTTPS for all services using TLS (SSL), including our public website and the Dashboard to ensure secure connections. We regularly audit the details of our implementation, including the certificates we serve, the certificate authorities we use, and the ciphers we support.
- Implementing network, application and operational level security policies. We are currently working with a security assessment vendor to conduct an independent penetration testing and will make the results available shortly.
Corrily only collects and stores information that is necessary to offer our service, and we do this only with the consent of our customers. Our approach towards privacy, security, and data protection align with the core tenets of GDPR.
Corrily takes Data Protection seriously - we have completed a comprehensive review of our operations to ensure that we are able to meet our obligations under all applicable regulations in all territories. We have completed a GDPR implementation project to ensure we have all required policies and procedures in place, and that we respect the rights of our data subjects at all times.
We have documented policies and procedures covering all aspects of compliance including: Privacy Policy, SAR Policy, Data Breach Policy, Information Security Policy and have adopted the GDPR DPA document as standard.
Additionally, we have appointed an Article 27 Representative and have established relationships with data protection consultants to ensure we meet our ongoing obligations and operate to the highest level of compliance at all times.
