Trust center

Start your security review
View & download sensitive information
Ask for information
Search items
ControlK

Welcome to Sapia.ai's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.

Qantas-company-logoQantas
Starbucks-company-logoStarbucks
Woolworths Group-company-logoWoolworths Group
Suncorp Group-company-logoSuncorp Group
Iceland Foods-company-logoIceland Foods
BT Group-company-logoBT Group
Spark New Zealand Limited-company-logoSpark New Zealand Limited
nib Group-company-logonib Group
Medibank-company-logoMedibank
Concentrix-company-logoConcentrix
Holland & Barrett-company-logoHolland & Barrett
Pentest Report
Trust center Updates

Document update

ComplianceCopy link

Annual penetration testing of the Sapia.ai platform took place between February 2 and February 16, 2024. The results are now available in the report available in our Trust Center: https://app.safebase.io/portal?itemUid=722b9671-c0d5-4a19-a5f7-0ad8fd81307c.

Overall, the applications were found to be secure, yielding no significant security vulnerabilities that would impact the confidentiality or integrity of application data. Minor vulnerabilities raised present unlikely attack vectors or are of minor consequence. We will review these minor vulnerabilities and remediate them where necessary.

Published at N/A

We are delighted to share the Sapia.ai SOC 2 Type II report for the period December 1, 2022 to November 30, 2023. This has been uploaded to the portal and is ready to view by interested parties.

Published at N/A

Vulnerability in Confluence (Atlassian) Data Center and Server

IncidentsCopy link

One of our sub-processors, Atlassian, released a security advisory regarding external attackers who might have taken advantage of a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances. This allowed them to create unauthorized Confluence administrator accounts and gain access to Confluence instances.

Sapia.ai is not impacted as we solely use Atlassian Cloud sites, which are not affected by this vulnerability.

Published at N/A

Changes to subprocessors

SubprocessorsCopy link

Sapia.ai has added subprocessor monday.com.

Monday.com is a project management tool used mainly by our Customer Success Team. No candidate personal data is shared. This subprocessor is only used in the administration of our business. If customers wish to collaborate with Sapia.ai in the tool, we can invite named contacts, in which case we share the customer's name and email address with this subprocessor. There is no obligation by customers to accept this invite.

Our security team has reviewed monday.com to ensure they meet our cyber security requirements. Monday.com holds ISO 27001 certifications along with SOC2 and fully complies with GDPR. Our security team continues to audit our subprocessors to ensure ongoing compliance regularly.

Published at N/A

Welcome to the Sapia.ai Trust Center

GeneralCopy link

As an organization that is security conscious and values security, we are excited to announce the official launch of the Sapia.ai Security Trust Center. By using this portal, you can request access to our compliance documents and gain a general understanding of our security posture.

Over time, our team will be making changes to this portal as we implement new tools and processes in our environment. You can use the Subscribe button to receive email notifications when our team has an important update, such as if we have an updated compliance report or if we have a status update regarding a major security vulnerability that has been recently discovered.

Published at N/A

If you need help using this Trust Center, please contact us.

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo