Security at Conveyor

Conveyor cares about data security, both ours and yours. Learn more about our procedures that help keep important data safe and secure. To report a security concern or incident please email us at
Conveyor's Security Documents
Conveyor helps you with your compliance. We also take our compliance seriously. We created a simple way for you to access the security documents needed to trust our data security practices and our products.
Download Now

Product Features

Data encryption in transit
  • Data transfers between users and the Conveyor platform are secured using TLS 1.2 encryption.
Data encryption at rest
  • Data within the Conveyor production databases is encrypted at rest using AES-256 encryption.
  • Conveyor supports the industry-standard SAML 2.0 protocol for authentication using an external identity provider.
Two-factor authentication (2FA)
  • Conveyor supports 2FA with Time Based One Time Passwords (ie Google Authenticator) and with hardware token (ie YubiKey).

Security Operations

Risk Management
  • We complete risk assessment to gain an accurate and thorough understanding of the potential risks to and vulnerabilities of the security, availability, and confidentiality of our products and services.
Penetration Tests
  • We engage with trusted third parties to complete network and application vulnerability scans at least annually.
Vulnerability Scans
  • Conveyor performs internal vulnerability scans monthly to identify, prioritize, and remediate potential system vulnerabilities.
Vendor Management Program
  • Conveyor has implemented vendor management policies and procedures to ensure protection of assets and data that are accessible by vendors, and to establish standards for information security and service delivery from vendors.
Background checks
  • Conveyor conducts background checks on all applicants selected for full-time employment.
  • All Conveyors receive security awareness training and all employees are required to complete the training annually.

Compliance Certifications, Standards & Regulations

Business Continuity
  • We have documented and implemented a business continuity plan that we activate and follow in the event of disruptions.
  • We backup all production data and all backups are geo-replicate backups within the same judicial data boundary.
  • We test our business continuity plan at least annually using different real world scenarios.
  • We monitor Conveyor so that we can understand and maintain the stability and availability of our environment.
Conveyor currently maintains the following industry standard certifications:



Data Transfers from the EU to the US
  • The core Conveyor APIs are hosted in the United States. Please note that when you use the core Conveyor APIs, you are transferring your information outside of those regions to the United States for storage and processing.
  • The Conveyor platform application programming interfaces (APIs) run in the AWS US East (N. Virginia) Region.
Data Protection Agreement
  • We will enter into a Data Protection Agreement that specifically outlines how and when data will be transferred from the EU to the US.
Data Retention
  • We retain your personal information only as long as necessary to accomplish the business purpose for which it was collected or to comply with our legal and contractual obligations, plus 1 year, and then securely dispose of that information.
  • Conveyor shares information with service providers and other third parties who perform services on our behalf. This page provides a list of vendors with whom we share personal information as well as describes where each is located and what services these vendors provide for us.
Data Deletion Requests
  • Upon request, we will delete information that we have collected about you. To exercise this option, or for additional information about our privacy and data security practices, please visit our Privacy Statement or contact us at
Bug Bounty Program
  • We are dedicated to maintaining the security and privacy of the Conveyor services and customer data. We welcome security researchers from the community who want to help us improve our products and services. If you discover a security vulnerability, please give us the chance to fix it by emailing us at Publicly disclosing a security vulnerability without informing us first puts the rest of the community at risk. When you notify us of a potential problem, we will work with you to make sure we understand the scope and cause of the issue. Thank you for your work and interest in making the community safer and more secure!
  • Please see the full details and scope of our Bounty Program here.