Sapling Logo

Sapling's Commitment to Security & Privacy

From the start, security has been a top priority at Sapling. This is reflected from the ground up in our infrastructure, systems, and procedures.

As we service enterprise clients in the U.S. and internationally, we ensure that we (1) follow the latest security practices, (2) seek external testing and audits, and (3) provide customizable cloud and self-hosted/onprem offerings.

Data Policies and Procedures

Data encryption

Sapling uses TLS encryption for data in transit and AES-256 encryption for data at rest.

Isolated networks

Our servers are located in a private network with default deny configuration.

Restricted access

Access to data is restricted and data is only processed on our private networks.

Security training

All Sapling employees are undergo privacy and security training.


Please contact us for detailed data policies and procedures.

Compliance

Sapling undergoes annual external vulnerability assessment and penetration testing (VAPT), and is also SOC 2 Type II certified. Contact us for detailed reports and documentation.

SOC2 VSA Questionnaire PCI DSS Compliant HIPAA Compliant
Single Sign-On Data Retention

Sapling additionally supports customers who require HIPAA and/or PCI compliance.

Offerings

In addition to following security best practices, Sapling also offers customized data storage and retention options and self-hosted deployments. Enterprise accounts include audit logs, role-based access controls (RBAC), and single sign-on.

Infrastructure

Sapling runs its production systems on Amazon Web Services (AWS) with multiple monitoring and alert systems to detect threats and anomalies.

Contact Us

Please email security@sapling.ai with any other questions or concerns.