We help hundreds of thousands of employees protect themselves from cyberattacks, and as such we also take our own security very seriously. Holding ourselves to industry-leading privacy and security standards, we take responsibility for the security and privacy of user data.
At Hoxhunt, we're committed to providing a service that meets the strict requirements of today's business environment.
Our security approach focuses on comprehensive security governance, risk management and mitigation, and compliance. This includes strong encryption of all data both at rest and in transit, network security, VM hardening, role-based access control, system monitoring, logging, traces, metrics with alerts, and more.
Hoxhunt has a dedicated Compliance and Security staff, ready to assist you with the complexities of global data regulations, management, and oversight. We will help you navigate the global regulatory landscape.
Our data processing agreement is compliant with Article 28 of the GDPR, and our Data Protection Officer, working alongside our legal team, ensures GDPR compliance with our service more broadly. We process user data for the strict purpose of providing our service.
The data processing agreement section of our standard terms contractually binds Hoxhunt to process the data of our users purely for the purpose of providing our service. We do not use user data for any other commercial purpose, nor do we sell user data to any third parties.
At Hoxhunt we’ve taken great care to build high-quality internal processes that meet the SSAE 18 SOC2 standards. Our compliance with these standards is audited yearly by an external party. The SOC2 and SOC3 reports are available for customers and prospects on request. Additionally, we’re always happy to assist you with every aspect of your security or compliance requirements. We believe transparency is key for us to retain your trust.
We took immediate action after Schrems II to sign EU Standard Contractual Clauses (SCCs) with all subprocessors relying on Privacy Shield. Since then, we have significantly reduced the number of U.S. subprocessors in our service, and ensured that where we rely on SCCs we also pseudonymise all user data to ensure compliance with EDPB Recommendation 01/2020. We also incorporated the new EU SCCs (Decision 2021/915) into our standard terms.