Below are some frequently asked questions about data and security at Sift. You can learn more on our Trust page and our Security and Privacy Whitepaper. If you have more questions about our policies, you can email our Privacy team at firstname.lastname@example.org.
What do you do with my data?
We analyze your data to detect fraud patterns on the site. Sift claims no ownership over the data collected on your behalf. We do not sell, share, rent, trade, etc. it. with anyone.
Sift is now officially SOC2 Type 2 Certified - which gives Sift improved security and reliability measures for all of our customers.
What information is shared with others?
Outside of members of the Sift team whose roles require it, only you and your fraud analysts will see your customers' data. Sift does share fraud patterns across our network (e.g. "Email addresses with more digits are more likely to belong to fraudsters"), but it does not share the specifics or the source of any given pattern.
What security measures do you have in place?
Sift prioritizes the security of client data above all else. Our team has substantial PCI and security experience from building these systems at Google and Amazon.
- Our production data is stored on a secure, private network with active probing to detect vulnerabilities in real time.
- Access to our servers and database systems is audited.
- Network access is secured via multi-factor authentication permitting access from only whitelisted networks.
- Data is stored on Amazon's EC2 Virtual Private Cloud. All data access is done over encrypted protocols.
- Employee access to raw data is limited to members of the team whose roles require it.