Skip to main content

Seek Security

Overview

We at Seek understand the importance of your data and are committed to securing our systems and your data end-to-end.  Thus, we have built Seek Insights from the ground up with a “security-first” design philosophy.

Data Protection In Transit

All customer data is securely transferred to our application using TLS v1.2 and above.  Only authorized personnel and customers are permitted to connect to our applications, and all connections to the application are monitored and logged.

Data Protection In storage

All data stored in our applications is encrypted using AES256 encryption.  Our IT infrastructure is 100% based in the cloud, and thus is resilient to physical attack.

Data Protection In use

All data shared with our applications remains under our customers’ sole control via their Snowflake instance. Access to our development and operating environments are strictly controlled, and only those Seek personnel who have been carefully screened are permitted access

Verified Security

Our security processes and controls are audited and verified annually in accordance with SOC 2 security standards. This includes enforcing two-factor authentication, real-time vulnerability and malware scanning, logging all administrator actions, employing a rigorous incident management process to investigate potential security events and facilitate required notifications in a timely manner, and following repeatable processes to ensure a secure environment. 

Shared Security Responsibility Model

To deliver our service in the most secure manner possible, Seek operates under a shared security responsibility model.  The shared security responsibility model is a framework to identify the distinct security responsibilities of both the customer and the cloud provider. In this model:

  • Seek is responsible for the security “of the cloud”, i.e., the underlying Seek Insights infrastructure
  • You are responsible for the security “in the cloud”, e.g., configuring your account in a manner that is consistent with your company's information security requirements, and managing and protecting your credentials for your account

Seek Security Controls

As a cloud provider, Seek is responsible for the security “of” Seek Insights' underlying infrastructure.  Some of the security controls we use to secure our infrastructure include:

  • Data Protection
  • Software Development Security
  • External audits and Penetration Tests
  • Customer Privacy

Software Development Security

We at Seek follow “best-in-practice" software development strategies.  This includes deploying fully segregated development, testing, and production environments; and only permitting authorized employees access to each applicable environment.  We also employ peer code review processes and code scanning technologies to ensure that our code is vulnerability-free.

External audits and Penetration Tests

Our security processes and controls are audited and verified annually in accordance with SOC 2 security standards. This includes enforcing two-factor authentication, real-time vulnerability and malware scanning, logging all administrator actions, employing a rigorous incident management process to investigate potential security events and facilitate required notifications in a timely manner, and following repeatable processes to ensure a secure environment.   We also undergo annual penetration tests of both the Seek Insights service and the underlying infrastructure.

Customer Privacy

Seek retains minimal information about our customers, and what little information we do collect (e.g., company name and point of contact), is never sold to third parties.  All payment information is processed by our third-party payment processor (Stripe) and is not stored by Seek.

Was this article helpful?