Security & Compliance
Security
Shaped was built from the ground-up with security as a top priority. We operate as a cloud software-as-a-service (SaaS) platform, and will discard any unused data when requested. Shaped performs well without Personally Identifiable Information (PII) and, for an added layer of security, works on encrypted data if needed.
Shaped uses best physical, virtual, network and operational security practices. We rely on role-based authentication for all data access and records audit logs for every action. We avoid data replication and have clear multi-tenant isolation policies to ensure sensitive and critical systems are separated. Shaped uses isolated VPCs for all production deployments. Data is encrypted at rest using AES-256 encryption or higher and all ingress and egress traffic is encrypted via TLS 1.2+.
Compliance
Shaped is SOC 2 Type 1 and GDPR compliant. We follow best security and governance best practices including using Vanta for real-time security and compliance monitoring, employee security training, device management, penetration testing, vulnerability scanning and secure software development practices. We have a data processing addendum on request if you require more information.
Subprocessor List
| Third Party Entity | Location | Service Provided |
|---|---|---|
| Amazon Web Services Inc. | United States (us-east-2) | Cloud hosting |
| ClickHouse, Inc. | United States | Database Hosting |