Security at Faraday

Faraday can't operate without your data, so securing it is our top priority. We have been in business since 2012 and have handled PII for hundreds of brands.

Logical isolation

As stated in our Terms, your company data is only used to generate your company's predictions. Any data you provide to us is logically isolated to your account and does not benefit other accounts.

SOC 2 Type II audit

Faraday is SOC 2 Type II audited by Wipfli, LLC. Here are the last 4 years of audits:

HackerOne penetration testing program

Faraday has an active HackerOne penetration testing and bug bounty program.

NIST 800-53 risk management program

Faraday has a NIST 800-53 risk management program that is assessed every quarter by the Faraday risk committee, comprising senior executives and security experts.

CCPA compliance

Faraday is compliant with the California Consumer Privacy Act. We will sign Data Protection agreements. We respond to data access, do-not-sell, and data deletion requests. The forms can be found on our Privacy page.

HIPAA compliance

Faraday is compliant with the Health Insurance Portability and Accountability Act. We will sign Business Associate Agreements.

GDPR compliance

Faraday is compliant with the European General Data Protection Regulation. We will sign Data Protection agreements. We will respond to data access, do-not-sell, and data deletion requests. Our method of compliance is to immediately delete all European data as soon as it comes into our possession.

Encryption at rest and in transit

Your data is encrypted at rest and in transit. Unencrypted access and unencrypted storage are disabled.

Trusted cloud

Security information and event management (SIEM)

Faraday has a SIEM implemented with Google Cloud Logging and Grafana.

Personally Identifiable Information (PII)

We require PII to match your data into our Faraday Identity Graph, which contains data about more than 270 million US adults. The PII can be combinations of:

  • plaintext name
  • plaintext postal address
  • plaintext phone
  • plaintext email
  • SHA-256 hashed lowercase email