Welcome to Sapia.ai's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.
Annual penetration testing of the Sapia.ai platform took place between February 2 and February 16, 2024. The results are now available in the report available in our Trust Center: https://app.safebase.io/portal?itemUid=722b9671-c0d5-4a19-a5f7-0ad8fd81307c.
Overall, the applications were found to be secure, yielding no significant security vulnerabilities that would impact the confidentiality or integrity of application data. Minor vulnerabilities raised present unlikely attack vectors or are of minor consequence. We will review these minor vulnerabilities and remediate them where necessary.
We are delighted to share the Sapia.ai SOC 2 Type II report for the period December 1, 2022 to November 30, 2023. This has been uploaded to the portal and is ready to view by interested parties.
One of our sub-processors, Atlassian, released a security advisory regarding external attackers who might have taken advantage of a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances. This allowed them to create unauthorized Confluence administrator accounts and gain access to Confluence instances.
Sapia.ai is not impacted as we solely use Atlassian Cloud sites, which are not affected by this vulnerability.
Sapia.ai has added subprocessor monday.com.
Monday.com is a project management tool used mainly by our Customer Success Team. No candidate personal data is shared. This subprocessor is only used in the administration of our business. If customers wish to collaborate with Sapia.ai in the tool, we can invite named contacts, in which case we share the customer's name and email address with this subprocessor. There is no obligation by customers to accept this invite.
Our security team has reviewed monday.com to ensure they meet our cyber security requirements. Monday.com holds ISO 27001 certifications along with SOC2 and fully complies with GDPR. Our security team continues to audit our subprocessors to ensure ongoing compliance regularly.
As an organization that is security conscious and values security, we are excited to announce the official launch of the Sapia.ai Security Trust Center. By using this portal, you can request access to our compliance documents and gain a general understanding of our security posture.
Over time, our team will be making changes to this portal as we implement new tools and processes in our environment. You can use the Subscribe button to receive email notifications when our team has an important update, such as if we have an updated compliance report or if we have a status update regarding a major security vulnerability that has been recently discovered.
If you need help using this Trust Center, please contact us.
If you think you may have discovered a vulnerability, please send us a note.