Security & Compliance
Technology Customer Commitment
We are only successful if our clients are successful and (more than) satisfied with our services, our platform, and our corporation as a whole. This is why our number one goal is to earn and maintain your trust in us – and to continually show our commitment to you.
Expertise & Communication
Our team strives to apply all industry best practices and the latest technologies to ensure that each and every client’s experience is a secure, reliable, and enjoyable one. We are a transparent and accommodating team of professionals dedicated to proactively communicating any errors or bugs, updates, and new features to guarantee that every experience is beneficial for the company and exciting to be a part of.
Carrots conducts hourly backups of the entirety of our application as well as all customer data sent to our app. We keep these records for up to 90 days to ensure that your data will not be lost at any time.
Cybersecurity professionals have audited our application to ensure that we’ve taken every precaution possible to keep your data safe at all times. All data coming and going from the application is encrypted via an SSL certificate to avoid data sniffing. All passwords are encrypted to protect the data from attacks ranging from rainbow tables to brute-force search attacks.
Our physical servers are hosted and managed within Amazon’s data centers as our application and website use Amazon Web Service (known as AWS) technology. Other companies using these same facilities and services include GE, Pfizer, and Netflix. Amazon maintains the following security certifications:
SOC1/SSAE 16/ISAE 3402 (formerly SAS 70)
FISMA, DIACAP, FedRAMP
CSM Levels 15
PCI DSS Level 1
ISO 9001 / ISO 27001
The AWS data centers are housed in secure, nondescript locations for added protection. These critical facilities have extensive military-grade perimeter controls as well as boundary protection. Both at the perimeters of the facilities as well as building entry points, physical access is strictly controlled by professional security staff utilizing state-of-the-art intrusion and security systems as well as constant video surveillance. All authorized personnel must verify their identity via two-factor authentication a minimum of three times to gain access to data center floors. Visitors and contractors must sign in and present identification upon arrival and are continually escorted by AWS staff.
View more about Amazon AWS compliance information here: https://aws.amazon.com/compliance.