Securing consumer and customer data is our top priority. We have been in business since 2012 and have handled PII from hundreds of US companies.
Corporate information
Faraday is a Delaware corporation, incorporated in 2012. All Faraday employees are based in the United States and all data processing occurs in the United States.
Logical isolation
As stated in our Terms, your company data is only used to generate your company's predictions. Any data you provide to us is logically isolated to your account and does not benefit other accounts.
SOC 2 Type II audited
Faraday is SOC 2 Type II audited by Wipfli, LLC. Here are the last 4 years of audits:
- Faraday SOC 2 Type II 2020
- Faraday SOC 2 Type II 2021
- Faraday SOC 2 Type II 2022
- Faraday SOC 2 Type II 2023
Background checks
All Faraday employees who handle consumer or client data must pass a background check using Checkr.com.
HackerOne penetration testing program
Faraday has an active HackerOne penetration testing and bug bounty program.
NIST 800-53 risk management program
Faraday has a NIST 800-53 risk management program that is assessed every quarter by the Faraday risk committee, comprising senior executives and security experts.
CCPA and other US privacy law compliance
Faraday is compliant with various US data privacy laws, including
- California Consumer Privacy Act
- Colorado Privacy Act
- Connecticut Data Privacy Act
- Delaware Personal Data Privacy Act (effective 1/1/2025)
- Indiana Consumer Data Protection Act (effective 1/1/2026)
- Iowa Consumer Data Protection Act (effective 1/1/2025),
- Kentucky HB 15 (effective 1/1/2026)
- Montana Consumer Data Privacy Act (effective 10/1/2024)
- Nebraska Data Privacy Act (effective 1/1/2025)
- New Hampshire SB-255 (effective 1/1/2025)
- New Jersey S332 (effective 1/15/2025)
- Oregon Consumer Privacy Act (effective 7/1/2024)
- Tennessee Information Protection Act (effective 7/1/2025)
- Texas Data Privacy and Security Act (effective 7/1/2024)
- Utah Consumer Privacy Act
- Virginia Consumer Data Protection Act
HIPAA compliance
Faraday is compliant with the Health Insurance Portability and Accountability Act. We will sign Business Associate Agreements.
GDPR compliance
Faraday is compliant with the European General Data Protection Regulation. We will sign Data Protection agreements. We will respond to data access, do-not-sell, and data deletion requests. Our method of compliance is to immediately delete all European data as soon as it comes into our possession.
Encryption at rest and in transit
Your data is encrypted at rest and in transit. Unencrypted access and unencrypted storage are disabled.
Subprocessors
| Entity name | Activity | Country where processing is performed | Registered address | Country of registration |
|---|---|---|---|---|
| Google LLC | Compute, networking, security, data storage, databases, logging, monitoring | United States | 1600 Amphitheatre Parkway, Mountain View, CA 94043 | United States |
| Amazon Web Services, Inc. | DNS, data storage | United States | 410 Terry Avenue North, Seattle, WA 98109-5210 | United States |
Security information and event management (SIEM)
Faraday has a SIEM implemented with Google Cloud Logging and Grafana.
Personally Identifiable Information (PII)
We require PII to match your data into our Faraday Identity Graph containing data about more than 240 million US adults. This can be combinations of:
- plaintext name
- plaintext postal address
- plaintext phone
- plaintext email
- SHA-256 hashed lowercase email