Security Policy

Last modified: August 7, 2024

Overview

At Canner, Inc. (“Canner” or the “Company”), the security of our customers’ data and the integrity of our systems are our top priorities. This Security Policy outlines our commitment to safeguarding information and the measures taken to protect against unauthorized access, disclosure, alteration, and destruction.

Data Protection

Data at rest

256-bit Advanced Encryption Standard (AES), the most robust form of AES encryption available, renders the files in our systems inaccessible to unauthorized users for applicable products hosted by Canner.

Data in transit

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are used to protect data as it transfers between client devices and our servers.

Product Security

Vulnerability scanning

Our applications and infrastructure are regularly tested for security vulnerabilities and hardened to enhance security and protect against attacks.

Pen Testing

Penetration testing is conducted periodically to evaluate the security of our applications. All areas of our product and closed infrastructure are in-scope for these assessments.

Secure Development

Canner’s software application lifecycle includes comprehensive security measures to ensure the integrity and safety of our products. These measures include static analysis of test code during pull requests on an ongoing basis, malicious dependency scanning to prevent the introduction of malware into our software supply chain, periodic network vulnerability scanning, and security assessments and code reviews to identify and mitigate potential security risks.

Risk Management

Canner follows risk management procedures in compliance with SOC 2 for risk assessment and risk mitigation. All our products must go through code review, CI, and build pipelines to reach production servers. Only designated employees have access to production servers.

Enterprise Security

Security Education

Canner provides comprehensive security training to all employees upon onboarding and annually through educational modules to ensure they keep up with best practices. In addition, all new employees attend a mandatory live onboarding session centered around key security principles.

Identity and Access Management

Access to sensitive data is restricted based on role and necessity. Only authorized personnel with a legitimate business need can access sensitive information.

Multifactor authentication (MFA) is required to access internal systems and sensitive data.

Vendor Security

Canner uses a risk-based approach to vendor security. The company prioritizes security in our vendor selection process to ensure that all third-party partners meet our stringent security standards. Vendors are evaluated based on their security practices, compliance with relevant regulations, and their ability to protect sensitive information. This includes a thorough review of their security policies, data protection measures, and incident response procedures.

Incident Response

Reporting and Response

Canner’s employees are trained to report suspicious activities and potential security breaches immediately. Product-specific incidents can be found on the corresponding product status pages whenever available.

Communication

In the event of a data breach, the company will promptly notify affected parties and relevant authorities in accordance with applicable laws and regulations.

Data Privacy

To ensure that the personal data provided by users to the company is afforded protections required by the applicable data protection laws, the Company offers a Privacy Policy Page that incorporates our data privacy commitments.

For More Information

Canner welcomes your comments regarding this Policy. If you believe that Canner has not adhered to this Policy, please contact us by e-mail or postal mail, and we will use commercially reasonable efforts to promptly determine and remedy the problem.

Canner, Inc.

7F - 2, No. 33, Section 1, Minsheng Road, Banqiao District, New Taipei City, 22069, Taiwan

Send email to: privacy@cannerdata.com

Updates to This Policy

This Security Policy may be updated occasionally to reflect changes in our practices or regulatory requirements. The latest version will always be available on this page.