Conveyor cares about data security, both ours and yours. Learn more about our procedures that help keep important data safe and secure. To report a security concern or incident please email us at email@example.com.
Conveyor's Security Documents
Conveyor helps you with your compliance. We also take our compliance seriously. We created a simple way for you to access the security documents needed to trust our data security practices and our products.
Data transfers between users and the Conveyor platform are secured using TLS 1.2 encryption.
Data encryption at rest
Data within the Conveyor production databases is encrypted at rest using AES-256 encryption.
SAML 2.0 SSO
Conveyor supports the industry-standard SAML 2.0 protocol for authentication using an external identity provider.
Two-factor authentication (2FA)
Conveyor supports 2FA with Time Based One Time Passwords (ie Google Authenticator) and with hardware token (ie YubiKey).
We complete risk assessment to gain an accurate and thorough understanding of the potential risks to and vulnerabilities of the security, availability, and confidentiality of our products and services.
We engage with trusted third parties to complete network and application vulnerability scans at least annually.
Conveyor performs internal vulnerability scans monthly to identify, prioritize, and remediate potential system vulnerabilities.
Vendor Management Program
Conveyor has implemented vendor management policies and procedures to ensure protection of assets and data that are accessible by vendors, and to establish standards for information security and service delivery from vendors.
Conveyor conducts background checks on all applicants selected for full-time employment.
All Conveyors receive security awareness training and all employees are required to complete the training annually.
The core Conveyor APIs are hosted in the United States. Please note that when you use the core Conveyor APIs, you are transferring your information outside of those regions to the United States for storage and processing.
The Conveyor platform application programming interfaces (APIs) run in the AWS US East (N. Virginia) Region.
Data Protection Agreement
We will enter into a Data Protection Agreement that specifically outlines how and when data will be transferred from the EU to the US.
We retain your personal information only as long as necessary to accomplish the business purpose for which it was collected or to comply with our legal and contractual obligations, plus 1 year, and then securely dispose of that information.
Conveyor shares information with service providers and other third parties who perform services on our behalf. This page provides a list of vendors with whom we share personal information as well as describes where each is located and what services these vendors provide for us.
Data Deletion Requests
Upon request, we will delete information that we have collected about you. To exercise this option, or for additional information about our privacy and data security practices, please visit our Privacy Statement or contact us at firstname.lastname@example.org.
Bug Bounty Program
We are dedicated to maintaining the security and privacy of the Conveyor services and customer data. We welcome security researchers from the community who want to help us improve our products and services. If you discover a security vulnerability, please give us the chance to fix it by emailing us at email@example.com. Publicly disclosing a security vulnerability without informing us first puts the rest of the community at risk. When you notify us of a potential problem, we will work with you to make sure we understand the scope and cause of the issue. Thank you for your work and interest in making the community safer and more secure!
Please see the full details and scope of our Bounty Program here.