LEGAL

Terms of Service

Privacy Policy

DPA

Security

SOC 2

Security

Current is built using a modern, enterprise-level technology stack in order to keep your data secure.


Security commitment

Current takes security very seriously. We understand that we’re storing image, videos, and links of your company’s intellectual property and are committed to keeping it private and safe. Current encrypts data at rest and in-transit.


Compliance


SOC 2 Type 2

Current is SOC 2 Type 2 compliant. If you would like to see a copy of our report please reach out at security@current.so


Penetration Test

We have conducted a third-party penetration test, if you would like to see the report, please reach out at security@current.so.


Cloud Application Security Assessment

Current has successfully completed a Cloud Application Security Assessment (CASA), validating Current has satisfied CASA application security requirements. If you're like to see the report, please reach out at security@current.so.


Infrastructure

Current is built primarily using AWS (Amazon Web Services) to ensure we have scaleable, fast, and secure staging, and production environments.


Current’s Security Features

Data Encryption

Current encrypts your data aligning with industry-tested and accepted standards. We use TLS 1.2 to encrypt network traffic between users' browsers and the Current platform. We also use AES-256 bit encryption to secure your data stored at rest.


Single Sign On (SSO)

We use Google OAuth 2.0 for Authentication meaning we don't store any user passwords. Additionally we only ask for the minimum amount of permissions necessary to effectively use Current.


SAML SSO

In addition to Google OAuth 2.0, we offer customers the ability to configure a SAML Identity Provider and have a feature to enforce SAML sign in.


Incident response plan

In the event of a data leak or security vulnerability, we have pre-defined escalation plans internally to triage the problem to the right team, communicate with customers, and resolve the issue.


Software Development Lifecycle (SDLC)

All code changes are reviewed by teammates in order to ensure quality of our software, and integrity of our security.


Vulnerabilities

Current uses automated scanning tools to monitor our infrastructure and warn us about potential vulnerabilities.


Corporate Security

Employees are required to use multi-factor-authentication (MFA) where possible for services we use to manage, develop, and deliver Current. Access to production environments is only granted on an as-needed basis. We have logging throughout our staging and production environments to track when employees access or make changes.

All employees are required to complete regular data privacy and security training.


List of Authorized Sub-Processors

Amazon.com, Inc. (AWS)

Description: Hosting and cloud computing services

Location: United States


Mixpanel, Inc.

Description: Product Analytics

Location: United States


Open AI, LLC

Description: Artificial Intelligence

Location: United States


Sentry, Inc.

Description: Crash / Error Monitoring

Location: United States


Stripe, Inc.

Description: Payment Processor

Location: United States


Security Questions or Issues

If you believe you may have identified an issue with Current’s security or have any questions, please email us at security@current.so