Security and Compliance

Carrots Technology Platform Status

The Carrots Technology Customer Commitment

At Carrots Technology, we are only successful if our clients are successful and (more than) satisfied with our services, our platform, and our corporation as a whole. This is why our number one goal is to earn and maintain your trust in us – and to continually show our commitment to you.

Expertise and Communication

Our team strives to apply all industry best practices and the latest technologies to ensure that each and every client’s experience is a secure, reliable, and enjoyable one. We are a transparent and accommodating team of professionals dedicated to proactively communicating any errors or bugs, updates, and new features to guarantee that every experience is beneficial for the company and exciting to be a part of.

Backups

Carrots conducts hourly backups of the entirety of our application as well as all customer data sent to our app. We keep these records for up to 90 days to ensure that your data will not be lost at any time.

Cybersecurity

Cybersecurity professionals have audited our application to ensure that we’ve taken every precaution possible to keep your data safe at all times. All data coming and going from the application is encrypted via an SSL certificate to avoid data sniffing. All passwords are encrypted to protect the data from attacks ranging from rainbow tables to brute-force search attacks.

Data Centers

Our physical servers are hosted and managed within Amazon’s data centers as our application and website use Amazon Web Service (known as AWS) technology. Other companies using these same facilities and services include GE, Pfizer, and Netflix. Amazon maintains the following security certifications:

• SOC1/SSAE 16/ISAE 3402 (formerly SAS 70)
• SOC 2
• SOC 3
• FISMA, DIACAP, FedRAMP
• CSM Levels 15
• PCI DSS Level 1
• ISO 9001 / ISO 27001

Physical Security

The AWS data centers are housed in secure, nondescript locations for added protection. These critical facilities have extensive military-grade perimeter controls as well as boundary protection. Both at the perimeters of the facilities as well as building entry points, physical access is strictly controlled by professional security staff utilizing state-of-the-art intrusion and security systems as well as constant video surveillance. All authorized personnel must verify their identity via two-factor authentication a minimum of three times to gain access to data center floors. Visitors and contractors must sign in and present identification upon arrival and are continually escorted by AWS staff.

Vulnerability Reporting

To report a security vulnerability, please contact us.