Last updated on June 2024

Uncountable Security

Rated Platinum 2024 by CyberVadis.

Securing our customers' data is the paramount commitment at Uncountable, ensuring its integrity and confidentiality for authorized users.

Standards:

  • SOC-2 Type II Certification: Subject to rigorous annual external audits for continuous adherence to industry-leading security practices.
  • ISO27001 Compliance: Strict adherence to international standards, providing a robust framework for information security.
  • HIPAA and GxP Compliance: Committed to meeting the stringent requirements for healthcare and pharmaceutical data protection.
  • Privacy Shield Membership: Demonstrated commitment to data protection while participating in the Privacy Shield program.

Data Protection:

  • Confidentiality: Treating customer data as confidential and proprietary, enforcing access controls through role-based mechanisms.
  • Encryption Protocols: Employing AES-256 encryption for data at rest and TLS for in-transit data.
  • Data Segregation: Rigorous schema-level isolation and regular penetration testing to ensure customer data segregation.
  • Data Classification: Classifying data as confidential, proprietary, or by other standards, with differentiated user access enforced for each classification.

Web Application Security:

  • Server Audits: Regular audits of web servers to uphold the highest standards of security, including the Content Security Policy, XSS-Protection, HTTP Strict Transport Security, X-Content-Type-Options, and X-Frame-Options headers.
  • Email Security: Leveraging the AWS secured email service and implementing Sender Policy Framework (SPF) for domain security.
  • File Security Controls: Robust file-sharing mechanisms with per-user controls, malware scanning, and unrestricted file size handling.
  • Application Integrity: Ensuring the Uncountable application cannot be embedded or proxied through external clients.
  • Browser Support: Supporting all modern browsers and operating systems, as well as mobile browsers for iOS and Android.

Authentication:

  • SSO with SAML: Encouraging the use of Single Sign-On (SSO) through Security Assertion Markup Language (SAML) for enhanced account security.
  • Password Security Measures: Enforcing default password strength requirements with optional multi-factor authentication.
  • IP-Whitelisting: Supporting IP-whitelisting to restrict account access to specific, authorized IP addresses.

Deployment:

  • AWS Deployment: Leveraging Amazon Web Services (AWS) infrastructure for deployment, providing a robust and scalable foundation.
  • Global Deployment Options: Uncountable has deployments in the U.S., EU and Japan to accommodate customer preferences.
  • VPC Deployment Option: Optionally deploying Uncountable within a Customer's Virtual Private Cloud (VPC), allowing customers to manage encryption keys.

Auditability:

  • Audit Logs: Maintaining comprehensive admin audit logs to track all system actions.
  • Entity-Specific Logs: Empowering individual users to access audit logs for entities under their management.

Disaster Recovery:

  • Continuity Planning: Implementing a comprehensive disaster recovery and business continuity plan, shared transparently with our valued customers.
  • Public Application Status: Providing a publicly accessible link for customers to check the real-time status of the application.

Updates and Backups:

  • Changelog Publication: Regularly updating the changelog, published on our dedicated support site.
  • Data Backup Practices: Consistent and frequent data backups, including daily database snapshots stored redundantly in multiple cloud regions.

Legal and IP:

  • Customer Data Ownership: Affirming customer ownership of data and content. Data uploaded to the application, and content in reports exported from it, is owned by our customers.
  • Full Data Exports: Facilitating customer requests for full data exports at any time.
  • GDPR Compliance: Conforming to the General Data Protection Regulation (GDPR) standards for the protection of personal data.

Security Accountability:

  • Third-Party Penetration Tests: Subjecting Uncountable to yearly third-party penetration tests, covering OWASP Top 10 vulnerabilities and more.
  • Network Vulnerability Scans: Conducting regular network vulnerability scans to identify and mitigate potential security risks.
