Certified & Secured
SOC
Service Organization Control Reports
HIPPA
Health Insurance Portability and Accountability Act
FERPA
Family Educational Rights and Privacy Act
ISO
International Organization for Standardization
Key Security Features
Application security
Security doesn’t stop with data and data centers because security and encryption also extends to your traffic. Some more details:
Intuitive algorithmic controls, powerful analytics, crafty machine learning, simple implementation tools, and cloud-based technologies are at your finger-tips.
Data Protection
SpotSearch is secured by design with progressive layers of security. Customer data is encrypted via SSL. None of SpotSearch's systems will modify or compromise the integrity of your source data.
Responsible Disclosure Policy
SpotSearch is committed to maintaining the security of our systems. Good security is critical to maintaining the trust of our customers. As such, we strive to continuously improve our security to ensure that we are prepared to meet the challenges posed by an ever-evolving threat landscape. We value responsible disclosure. When properly notified of a security issue, we are committed to working with security researchers to understand and remediate verified problems. If you believe you have found an issue on our site, we encourage you to report it to us in a private and responsible way. The following guidelines apply to researching and reporting potential security vulnerabilities in our network.
Security evaluations must:
- Be performed only on spotsearch.io domain or its subdomains
- Not be performed on any non-SpotSearch domain
- Not compromise the availability of SpotSearch’s services
- Not compromise the security or privacy of SpotSearch’s customers or the data on SpotSearch’s network
- Use non-destructive and non-disruptive testing
- Not involve social engineering or evaluation of physical security controls
Disclosure process
- Please submit your reports to [email protected]
- Include valid contact information for the reporter
- Include a description of the location and nature of the vulnerability
- Include a short description of the vulnerability’s potential security impact
- Optionally, include detailed steps to reproduce the vulnerability
- Screenshots or videos are always helpful
OneOrigin's response to reports of security evaluations
When reported a security issue, OneOrigin team will:
- Endeavor to acknowledge initial security evaluation reports within two business days
- Prioritize the reproduction and then confirmation of any reported vulnerability
- For any confirmed vulnerability, promptly identify a reasonable timeline for patching and public disclosure
- Not pursue legal action against any reporter who complies with all of the guidelines for performing and reporting security evaluations, and who also cooperates fully with SpotSearch’s reasonable requests for assistance in reproducing a vulnerability