Circa adheres to industry-leading privacy and security practices to ensure the highest level of trust and safety of our customers.
Circa is SOC-2 Type 2 Certified, with the most recent report available upon request.
Circa's Privacy Policy and Data Processing Agreement (DPA) comply with the General Data Protection Regulation (GDPR) for users in the EU.
Circa's CCPA Notice and Privacy Policy comply with the California Consumer Rights Privacy Act (CCPA).
Circa is certified under the EU-U.S. Privacy Shield Framework for user data transfer and storage.
Circa uses third-party monitoring services to ensure high uptime & availability. You can view our real-time and historical performance here.
Circa encrypts all sensitive data both at rest and in-transit using robust, industry-leading encryption algorithms.
Circa's production services run in a private secure cloud on Heroku. Only network protocols essential for making our service work are open at the network's perimeter.
Circa undergoes regular penetration testing by independent third parties to ensure that our platform is secure.
Access to internal Circa systems requires multiple authentication factors, including 2FA access and device-based authentication tokens.
When customers need our assistance, access to Circa customer data is logged and regularly audited.
Circa automatically backs up customer data on an at-least daily basis.
Circa has an around-the-clock on-call policy for our engineers to be available just in case.