World-class security you can trust

Spiral is certified SOC 2 Type II and provides around-the-clock, industry-leading security and operation.

AICPA | SOC 2
Security

Internal Security

Authentication and authorization

Spiral maintains strict role-based access control across all our internal and external systems. Access to all critical services requires SSO and multi-factor authentication.

External audits

Spiral conducts an independent audit of policies and procedures, including: Information Security Policy, Third-Party Risk Management Policy, Business Continuity Policy, Incident Response Policy, and End-User Data and Privacy Policy.

Risk assessment

Spiral conducts regular risk assessments to gain an accurate and thorough understanding of the potential risks to security, availability, and privacy in our products and services.

Penetration tests

We engage with trusted third parties to complete network and application vulnerability scans at least once annually.

Vulnerability scans

Spiral performs internal vulnerability scans continuously to identify, prioritize, and remediate potential system vulnerabilities.

Third-party risk management

Spiral implements third-party management policies and procedures. This helps us ensure protection of assets and data that are accessible by vendors and establish standards for information security and service delivery from vendors.

Background checks

Spiral conducts background checks on all applicants selected for full-time employment.

Training

All Spiral employees are required to complete security and compliance training annually.

Infrastructure

Privacy

Spiral is committed to compliance with all applicable financial and data privacy laws.

External audits

Spiral conducts an annual external independent audit — penetration testing, vulnerability scans, and information security.

Audit logs

Spiral collects audit trails throughout the entire Spiral ecosystem.

Data encryption

Spiral encrypts all data, both at rest (AES-256) and in transit (TLS 1.2).

Segmentation

Spiral’s AWS environments - production and sandbox - are fully segregated.

Cloud security

Spiral uses cloud workload protection and utilizes WAF Security Groups to filter inbound traffic.

Availability

Redundancy

Spiral ensures active-active availability, improving recovery times and providing access across no fewer than 3 availability zones.

Backups

We back up all production data and geo-replicate it within the same judicial data boundary.

Monitoring

We monitor our services for availability, performance, and security 24/7.

Business continuity

We have documented and implemented a business continuity plan that we activate and follow in the event of disruptions. We test our business continuity plan at least once annually, using different real-world scenarios.

World-class security and operations you can trust

    Peace of Mind Security

    The Spiral Platform is audited by independent contractors — penetration testing, vulnerability scans, and information security.

    SOC 2 Type Certification

    Spiral is certified SOC 2 Type II.

    Data Encryption

    Spiral encrypts all data, both at rest (AES-256-GCM) and in transit (TLS 1.2).

    Compliance Ready

    Spiral is committed to compliance with all applicable financial and data privacy laws.

© 2019-2024 Spiral Financial - All Rights Reserved