Security
Updated November 01, 2025
Security is of paramount importance at Masthead Data. We build a solution that never reads or accesses a company's actual data; Masthead processes only Google Cloud native logs and metadata to deliver its services. On top of that, to maintain a safe and secure environment, we use a variety of industry-standard technologies and practices. We provide regular security awareness training to our employees in both technical and non-technical roles to ensure that security is always given the utmost priority. If you have any questions or concerns, or encounter any issues, please contact us at team@mastheadata.com.
Product Security Features
Masthead is secure by design: the application does not read or edit clients' data at any point. The Masthead agent is hosted either in the client's Google Cloud project (VPC deployment) or in the Masthead Google Cloud project (SaaS deployment) and collects only aggregate metrics retrieved from logs and metadata. Our team also strictly adheres to security-centric change management and incident management programs.
SSO
We support Google OAuth2.
Data Security
Masthead operates on the principle of least privilege. Masthead does not have access to clients' data, nor can users of Masthead access data through the Masthead application.
System And Software Security
Masthead's systems are hosted on Google Cloud in some of the most secure data centers on Earth. These data centers are SOC 1 & 2 and ISO certified, and utilize the most secure physical security technologies, such as biometrics. All facilities are monitored by professional security staff.
All Masthead systems are hardened and regularly updated with the latest security patches.
Auditing & Monitoring
We are currently working on engaging a third-party security auditing and penetration testing firm at least annually, or any time there are major changes to our systems or architecture. This ensures that our internal systems and processes are performing as we believe they are.
We employ multiple real-time monitoring systems with 24/7 alerting to inform us of violations of policy as well as suspicious activity that may indicate a compromise.
SOC 2 Type II
Masthead is SOC 2 Type II compliant. All the details are available on the Trust Page.
Other compliance and security frameworks used
At Masthead, one of our core values is data privacy and security, which has largely shaped the technical approach and architecture of Masthead. We are honored to say that Masthead is data-secure and privacy-focused by design. Masthead strictly adheres to the General Data Protection Regulation (GDPR), Open Web Application Security Project (OWASP), National Institute of Standards and Technology (NIST), and Health Insurance Portability and Accountability Act (HIPAA) frameworks, as the solution does not access the data and processes only metadata and log files.



