ProfitWell.com-8
Skip to Content
image description
image description
image description
image description
image description
image description
image description
image description
image description

Your data is
safe, available, & yours.

Your data security and privacy is our priority at ProfitWell.
privacy 24k

Trusted by over 24k companies (more than any other metrics provider).

security 365

24/7/365 around the clock monitoring of our application, software, and infrastructure.

access 99%

Customer data is always backed up and uptime is over 99.99%.

Safeguarding the data of more companies than any other provider
appcues
bluejeans
insightly
prezi
zapier
canva
masterclass
hubspot
taxjar
codeship
teamgantt
hotjar
conversio

Compliance & Certification

ProfitWell follows the most reputable security standards on the market, and has the accreditations and audits to prove it.

  • SOC2 Type 1
  • EU-US Privacy Shield
  • GDPR
  • CCPA
  • PCI
back dots
aicpa soc
gdpr compliant
ccpa
pci
eu-us privacy shield

What’s our security methodology?

Security isn't one of those sexy topics that gets clicks, but it's ultimately one of the foundations of a successful company.

At ProfitWell, our customers trust us with more subscription financial data than any other product out there. We take that responsibility seriously, and that’s why security needs to be and has always been a priority.

To ensure that our practices are airtight, ProfitWell has invested in the proper resources and controls to protect and service our customers. Our investment utilizes a security framework using best practices in the SaaS industry with our key objectives centering on data privacy and safety, service continuity, data and service integrity, and compliance and best practices.

  • Data privacy and safety

    Deliver a superior product and service while protecting the privacy and confidentiality of data.

  • Service continuity

    Maintain ongoing availability of ProfitWell and data to all authorized individuals.

  • Data and service integrity

    Ensure that user and customer data is never corrupted or altered inappropriately.

  • Compliance and best practices

    Implement process and controls to align with current international regulatory and industry best practice guidance.

image description
image description

Commonly requested info

The run down on the information you need.
Data Access

Your data belongs to you and is rarely accessed. ProfitWell will not access your data without express permission or in the event of a security or QA issue.

Data Ownership

Your data 100% belongs to you and is never sold in any manner. We won't delete data in your account without giving you time to export it.

Encryption

ProfitWell data is encrypted in transit (advanced TLS protocols and 2,048-bit keys) and at rest (Amazon's Key Management Service (KMS).

ISO 27001 Data Centers

ProfitWell products are hosted with the world’s leading data center providers. Access to these data centers is strictly controlled. These partners are SOC 2 Type II and ISO 27001 certified and provide N+1 redundancy to all power, network, and HVAC services.

Penetration Testing

We conduct third party network, application, and physical security tests and audits multiple times per year.

Certifications

ProfitWell certified with the EU-US and Swiss-US Privacy Shield Framework, as well as SOC2 Type I. Our data center providers maintain ISO 27001, SOC2, and many other certifications.

image description
image description
Trusted by more companies than any other provider

"Security is our priority at ProfitWell and that's why it needs to be an ongoing practice."

Michael Cox Director of Engineering
image description
image description
image description

More information

Cloud Security

  • Data Center Physical Security
    Facilities

    ProfitWell hosts Service Data primarily in AWS data centers that have been certified as ISO 27001, PCI DSS Service Provider Level 1, and/or SOC 2 compliant.

    On-Site Security

    AWS on-site security includes a number of features such as security guards, fencing, security feeds, intrusion detection technology, and other security measures.

    Data Hosting Location

    Profitwell leverages AWS data centers in the United States. Customers can choose to locate their Service Data when needed.

  • Network Security
    Dedicated Security Team

    Our Security Team is on call 24/7/365 to respond to security alerts and events.

    Protection

    Our network is protected through the use of key AWS security services, ongoing audits, and network IT, which monitor and/or block known malicious traffic and attacks.

    Network Firewall Protection

    ProfitWell prevents network attacks with monitoring and protections including tightly controlled network-level firewalling.

    Third-Party Penetration Tests

    In addition to our extensive internal scanning and testing program, we conduct third party tests and audits multiple times per year.

  • Encryption
    Encryption in Transit

    Data sessions are always protected with advanced TLS protocols and 2,048-bit keys.

    Encryption at Rest

    All databases are encrypted at rest using Amazon's Key Management Service (KMS). The same encryption applies to the disks used for our production application servers as well.

Applicaton and HR Security

  • Secure Development (SDLC)
    Secure Code Training

    Engineers participate in regular secure code training covering OWASP Top 10 security risks, common attack vectors, and ProfitWell security controls.

    Separate Environments

    We separate testing and staging environments from the production environment. No service data is used in our development or test environments.

  • Vulnerability Management
    Third Party Penetration Testing

    We conduct third party tests and audits multiple times per year.

  • Security Awareness
    Policies

    ProfitWell has created a comprehensive set of security policies. These policies are shared with and made available to all employees and contractors with access to ProfitWell.

    Training

    All employees attend a security awareness training, which is given upon hire and annually on a recurring basis. All engineers receive annual secure code training. The security team provides additional security awareness updates via internal messaging, email, and in presentations during internal events.

  • Employee Vetting
    Background Checks

    ProfitWell performs criminal background checks on all new employees in accordance with local laws. These checks are also required to be completed for contractors. Cleaning crews are included.

    Confidentiality Agreements

    All new hires are required to sign non-disclosure and confidentiality agreements.

image description
image description
image description
image description
image description
Protecting your data is our obsession.
image description
Back to top