Security
We'd like to share some of the practices we're following to keep your data secure in this document, and what we're doing to continually improve the security of your data.
This page describes some of our security measures. For more information, please see our Privacy Policy and DPA.
If you believe you have found a security issue in one of our services you can report it by emailing us at security@causal.app.
For any other questions, feel free to get in touch with us at security@causal.app.
Our procedures
A brief description of our procedures are:
- We only store the data we need to — data that's required for accessing your account, connecting with your third party tools, and for debugging workflows.
- All data sent to Causal is encrypted in transit. Our workflow and application endpoints are TLS/SSL only.
- We log audit trails over our infrastructure and the Causal application. Auditing allows us to do ad-hoc security analysis, track changes made to our setup and audit access to every layer of our stack.
- We have advanced alerting and monitoring systems for both security and uptime. Engineers are on call 24/7 in case any problems are detected.
- We use strong passwords on third-party software accounts we use. We regularly review the permissions given to different third-party tools and discourage the use of shared logins. Where shared logins are unavoidable, we use 1Password for teams to securely share logins.
- We have fully functional automation systems in place which enable us to deploy changes to any of our applications in minutes. We typically deploy multiple times a week — so we are well placed to roll out a security fix quickly, should the need arise.
- We have documented incident response plans to handle any issues that might arise.
Our Team
Our team is made up of people who have years of experience working for large multinational companies in areas where security is paramount. Our passion for security is foremost and we make sure that even the least security-oriented engineering roles are tested thoroughly on their security knowledge.
Our CTO worked at WhatsApp, a company famous in tech for its privacy and security culture. We're applying their core principles to our products at Causal.
Hosting
All our production systems and databases are running on Google Cloud facilities, hosted in the USA. For full information on the extensive measures, Google takes to keep their facilities secure, visit the Google Cloud security page.
Payments
Causal does not store payment information on our servers — we’re not in the business of payments processing. All online payments are processed through our payments provider, Stripe. For more information about PCI compliance and Stripe’s other security features, see Stripe’s security page.
Certifications
We are SOC 2 certified. Read more here. A full SOC 2 report can be provided on request.