Trust Center

Security at Paragon

Security is built into the fabric of our products, team, infrastructure, and processes, so you can rest assured your data is safeguarded.

  • Compliance

    Last updated Tue, Apr 5, 2022
    • GDPR
    • SOC 1

      Paragon's last SOC2 Type 1 certification was issued February 18, 2022 by Prescient Security with 100% compliance and no unusual findings.

  • Product Security

    Last updated Tue, Apr 5, 2022
    • Audit Logs

      Paragon enables logging to track activity and configuration changes. We retain our cloud infrastructure logs for at least 1 year and have implemented tools to log and retain account activity related to actions across its cloud infrastructure. Additionally, Paragon has implemented tools to capture information about IP traffic going to and from network interfaces in their virtual private cloud.

    • Role-Based Access Control (RBAC)
  • Data Security

    Last updated Tue, Apr 5, 2022
    • Data Encrypted At-Rest
    • Data Encrypted In-Transit

      Paragon encrypts data at rest. Sensitive data is encrypted when it is transmitted over public networks.

    • Passwords Encrypted
  • Privacy

    Last updated Tue, Feb 22, 2022
    • Privacy Policy
    • Data Protection Officer (DPO)

      Our appointed Data Protection Officer is responsible for reviewing that it is up to date and its procedures are followed. Any customer can request a copy of the document by emailing privacy@useparagon.com.

  • Incident Management & Response

    Last updated Tue, Feb 22, 2022
    • Incident Response Plan (IRP)
  • Availability & Reliability

    Last updated Tue, Apr 5, 2022
    • Auto Scaling

      Paragon robust architecture automatically scales to handle requests at large volumes.

    • Quality Assurance Testing
    • Service Monitoring
    • Status Page
  • Organizational Security

    Last updated Tue, Apr 5, 2022
    • Employee Background Checks

      Background checks are in place to qualify new personnel. Such screening is reviewed prior to a new employees first day, in accordance with local laws.

    • Employee Security Training

      Paragon has a security awareness training program in place to promote the team's awareness of their obligations with respect to maintaining information security, privacy and understanding of internal policies. Such program is logged and completed by all applicable new hires.

    • Employee Workstations Automatically Locked
    • Employee Workstations Encrypted

      Full-disk encryption is used on all Paragon laptops and/or desktops.

    • Limited Employee Access (Principle of Least Privilege)
    • Personnel Screening
    • Physical Access Control
  • Business Continuity

    Last updated Tue, Feb 22, 2022
    • Business Continuity Plan
    • Disaster Recovery Plan
    • Data Backups
  • Threat Management

    Last updated Tue, Apr 5, 2022
    • Vulnerability Scanning

      Paragon performs vulnerability scans on it's systems and applications to identify potential vulnerabilities. Results are assessed and the company tracks high/critical findings through remediation.

      Paragon additionally has a Vulnerability Management Policy in place to govern the detection and remediation of vulnerabilities.

  • Subprocessors

    Last updated Tue, Feb 22, 2022
    • Name
      Purpose
      Location
      1Password
      Password management
      USA
      Amazon Web Services
      Application hosting and data storage
      USA
      Cloudflare
      DNS and DDOs mitigation
      USA
      Google Analytics
      User analytics
      USA
      Intercom
      Customer support and user analytics
      USA
      Mixpanel
      User analytics
      USA
      Salesforce
      Customer relationship management
      USA
      Segment
      User analytics
      USA
      SendGrid
      Alerts and team management
      USA
      Stripe
      Payment processing
      USA