Security Policy

Learn about Deepgram's commitment to maintaining a company culture that values information security and data privacy.

At Deepgram, our employees and contractors all recognize that protecting company and client information is everyone's responsibility. One of the benefits of being a small organization is that new information, changes to policies or procedures, emerging potential external threats, and new tools can be communicated, implemented, and trained on quickly.

Physical Security Standards

Our servers are hosted on Microsoft Azure, which provides robust physical data security and environmental controls. We assess and test any environments where data may be transmitted or stored to ensure they meet our security standards.

Data Encryption

We securely encrypt any sensitive or confidential information (including PHI and PCI data) that we store or transmit over an electronic communications network to guard against unauthorized access. Encryption technology renders data unusable, unreadable, and indecipherable to unauthorized individuals.

Data Privacy

We only collect and process information that our customers provide us. Our customers own their data. We maintain a privacy policy that is accessible via our main website, which includes information regarding our information management practices, types of information we collect, and how that information is used.

Data Security

We use hardened systems, secured environments, and role-based access control to ensure that customer data is protected from unauthorized access. All access to our systems is tightly controlled and locked down, and we use two-factor authentication along with industry best-practice encryption algorithms.

Application Security

Our application servers are secured behind industry-standard firewalls with restricted ports. Passwords are encrypted in transit and stored hashed. We ensure that our internal network is maintained correctly with vulnerability and patch management. We scan our code for vulnerabilities before each release deployment into production.

Incident Response, Disaster Recovery & Business Continuity

We have well-defined incident response and disaster recovery policies. We perform daily backups. In the unlikely event that our monitoring tools alert us to any unauthorized access, Deepgram staff will:

  • Activate the Incident Response Plan and assemble response team members.
  • Immediately reset all relevant passwords and revoke relevant keys, if applicable to the situation.
  • Notify Deepgram's Engineering, Product, and Customer Success teams.
  • Notify affected customers (if impacted) of the intrusion and if/how their data was compromised, and provide timely updates on progress.
  • Conduct an assessment to identify the source of the breach and engage any necessary third party to assist with forensics as required.
  • Define system or process improvement tasks to avoid incidents in the future.
  • Inform affected customers (if impacted) of the improvement plan and update customers as improvements are deployed.

We maintain a business continuity plan that is tested and revised as necessary and at least annually.

Security, Privacy & Compliance

We provide ongoing training for our employees on all information security policies and practices, and maintain disciplinary measures for violations of our policies and procedures. Additionally, our team maintains and follows a process for onboarding and offboarding, including providing only least-privilege access when deemed appropriate for job function, otherwise known as role-based access control.

We maintain HIPAA Compliance and are PCI Compliant; thus, we adhere to the requirements throughout the year, which include a list of checks, obligations, and independent audits for verification.

Contact

If you have questions or comments regarding Deepgram's Information Security initiative, contact us.