Faraday can't operate without your data, so securing it is our top priority. We have been in business since 2012 and have handled PII for hundreds of brands.
As stated in our Terms, your company data is only used to generate your company's predictions. Any data you provide to us is logically isolated to your account and does not benefit other accounts.
SOC 2 Type II audit
Faraday is SOC 2 Type II audited by Wipfli, LLC. Here are the last 4 years of audits:
- Faraday SOC 2 Type II 2020
- Faraday SOC 2 Type II 2021
- Faraday SOC 2 Type II 2022
- Faraday SOC 2 Type II 2023
HackerOne penetration testing program
Faraday has an active HackerOne penetration testing and bug bounty program.
NIST 800-53 risk management program
Faraday has a NIST 800-53 risk management program that is assessed every quarter by the Faraday risk committee, comprising senior executives and security experts.
Faraday is compliant with the California Consumer Privacy Act. We will sign Data Protection agreements. We respond to data access, do-not-sell, and data deletion requests. The forms can be found on our Privacy page.
Faraday is compliant with the Health Insurance Portability and Accountability Act. We will sign Business Associate Agreements.
Faraday is compliant with the European General Data Protection Regulation. We will sign Data Protection agreements. We will respond to data access, do-not-sell, and data deletion requests. Our method of compliance is to immediately delete all European data as soon as it comes into our possession.
Encryption at rest and in transit
Your data is encrypted at rest and in transit. Unencrypted access and unencrypted storage are disabled.
- Our app and API run in Google Cloud Platform. They are private nodes served by Google Load Balancers, which are themselves behind a restrictive Web Application Firewall (Google Cloud Armor).
- Our database is Google Cloud SQL and is not accessible to the public internet.
- Our data warehouse is Google BigQuery.
Security information and event management (SIEM)
Personally Identifiable Information (PII)
We require PII to match your data to the Faraday Identity Graph, which contains data about more than 270 million US adults. The PII can be any combination of:
- plaintext name
- plaintext postal address
- plaintext phone
- plaintext email
- SHA-256 hashed lowercase email