The following Security documentation is available upon request: Security Overview Document; GDPR, Privacy, and GoodTime; SOC 3
The following Security documentation requires an NDA: SOC 2 Type II; CAIQ Full security questionnaire; CAIQ Lite security questionnaire; SIG Lite security questionnaire
To request GoodTime's Security Overview Document or other documents that may require an NDA, please click here.
Third-party processors may be viewed here.
Organizational Security
GoodTime.io has established an industry-leading security program, dedicated to ensuring customers have the highest confidence in our custodianship of their data. Our security program is aligned to the ISO 27001 standards and is regularly audited and assessed by third parties and customers.
Audits, Compliance and Third Party Assessments
GoodTime.io operates a comprehensive information security program designed to address the vast majority of the requirements of common security standards.
SOC2 Type II & ISAE-3000 and SOC3 Reports
GoodTime’s SOC2 Type II and ISAE-3000 Report was issued on August 31st, 2021 and is available upon request with a signed NDA. The SOC 3 report is available upon request.
We are hosted on Heroku and AWS, which provide robust physical data center security and environmental controls.
Data Encryption
All of our GoodTime.io customer data is encrypted at rest and in transit. We do not allow insecure protocols and we encrypt our backups as well.
Data Ownership
Your data belongs to you. We won't delete data in your account without giving you time to export it.
Data Security
We host your data in a secure database properly hardened and segregated from non-production environments. All access to the database is tightly controlled and locked down.
Reporting Requirements
Data security incidents need to be reported to the company's security team immediately. Affected customers or partners will be notified within 48 hours of the incident and provided a copy of the incident report on request.
Disaster Recovery
We regularly back up your data, have defined RTO and RPO, and test the backups on a frequent basis.
Security and Privacy Training
During their tenure, all workers are required to complete a refresh of privacy and security training at least annually. They are also required to acknowledge that they’ve read and will follow GoodTime’s information security policies at least annually.
Bug Reporting
If you are a current customer and have detected a bug within our platform, please notify your account manager. Otherwise, if you have detected a bug within GoodTime's applications, please contact email@example.com, including the following information: bug name, description, submission and discovery date, reporter name, OS, browser, URL, steps to reproduce, expected result, actual result, screenshots, and any additional notes.
Advisor and Chief Information Security Officer
former Head of Security at Quora