Last modified: August 7, 2024
Canner, Inc. (“Canner” or the “Company”) is committed to the security of our customers’ data and the integrity of our systems are our top priorities. This Security Policy outlines our commitment to safeguarding information and the measures taken to protect against unauthorized access, disclosure, alteration, and destruction.
256-bit Advanced Encryption Standard (AES), the most robust form of AES encryption available, renders the files in our systems inaccessible to unauthorized users for applicable products hosted by Canner.
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are used to protect data as it transfers between client devices and our servers.
Our applications and infrastructure are regularly tested for security vulnerabilities and hardened to enhance security and protect against attacks.
Penetration testing is conducted periodically to evaluate the security of our applications. All areas of our product and closed infrastructure are in-scope for these assessments.
Canner’s software application lifecycle includes comprehensive security measures to ensure the integrity and safety of our products. These measures include static analysis of test code during pull request on an ongoing basis, malicious dependency scanning to prevent introduction of malware into our software supply chain, periodic network vulnerability scanning, security assessments and code reviews to identify and mitigate potential security risks.
Canner follows the risk management procedures in compliance with SOC 2 for risk assessment and risk mitigation. All our products must go through code review, CI, and build pipelines to reach production servers. Only designated employees have access to production servers.
Canner provides comprehensive security training to all employees upon onboarding and annually through educational modules to ensure keeping up with best practices. In addition, all new employees attend a mandatory live onboarding session centered around key security principles.
Access to sensitive data is restricted based on role and necessity. Only authorized personnel with a legitimate business need can access sensitive information.
Multifactor authentication (MFA) is required to access internal systems and sensitive data.
Canner uses a risk-based approach to vendor security. The company prioritizes security in our vendor selection process to ensure that all third-party partners meet our stringent security standards. Vendors are evaluated based on their security practices, compliance with relevant regulations, and their ability to protect sensitive information. This includes a thorough review of their security policies, data protection measures, and incident response procedures.
Canner’s employees are trained to report suspicious activities and potential security breaches immediately. Product specific incidents can be found on the corresponding product status pages whenever available.
In the event of a data breach, the company will promptly notify affected parties and relevant authorities in accordance with applicable laws and regulations.
To ensure that the personal data provided by users to the company is afforded protections required by the applicable data protection laws, the Company offers a Privacy Policy Page that incorporates our data privacy commitments.
Canner welcomes your comments regarding this Policy. If you believe that Canner has not adhered to this Policy, please contact us by e-mail or postal mail, and we will use commercially reasonable efforts to promptly determine and remedy the problem.
Canner, Inc.
7F - 2, No. 33, Section 1, Minsheng Road, Banqiao District, New Taipei City, 22069, Taiwan
Send email to: privacy@cannerdata.com
This Security Policy may be updated occasionally to reflect changes in our practices or regulatory requirements. The latest version will always be available on this page.