Our Security and Privacy Protocols

We pride ourselves on maintaining your data in a safe and trustworthy environment, having implemented controls and best practices to provide the highest standard of security for our users.

Our processes are constantly improving — last updated: January 22, 2024.

Data privacy

Securing access to data starts with people — and we invest a lot of time in hiring the best. Our teams are made up of professionals with experience building highly secure, enterprise-scale applications for companies of all sizes, from startups to large public companies.

At ChartMogul, we train all employees (regardless of their role) on up-to-date security policies and industry standards.

In addition, we monitor, log, and continuously review all employee access to your data.

Data Access

Your data is your property, and we’ll never sell it to anybody. We will only access your ChartMogul account with your permission — or if we detect suspicious activity or believe our Terms of Service are being violated.

GDPR Compliant

ChartMogul and all our third-party providers comply with the EU’s General Data Protection Regulation.

Credit Cards

We do not process sensitive credit card details belonging to you or your customers.

Passwords

We encrypt all passwords before storing them in our database. You are responsible for choosing a strong password and keeping it secret. Two-factor authentication is available to all ChartMogul users, and we strongly recommend enabling it as an additional layer of security.

Our Data Processing Agreement is core to data security.

We craft security by design

We train our developers in secure software development practices.

Additionally, we use automated code analysis solutions in our development pipeline to ensure vulnerabilities aren’t introduced to our codebase.

Our security team takes part in both the design and implementation of any new feature that could increase our attack surface.

Encryption in transit and at rest

Data sessions are always protected with TLS protocols. Our databases are encrypted at rest, following industry standards.

SOC 2 Report

We have our SOC 2 Type 2 report and regularly submit to external audits to demonstrate continued compliance. To request our most recent SOC 2 report, please sign our NDA here.

Security assessments

We carry out continuous security code reviews, and do annual penetration testing to ensure the integrity of our platform.

Incident response plan

We follow the SANS Incident Response methodology to handle incidents on our platform. We run a comprehensive post-mortem on each incident, both to prevent such incidents from happening again and to improve our remediation actions.

Infrastructure and platform resiliency

ChartMogul is fully hosted on AWS within the Europe region.

In our network topology, we make use of:

  • Cloudflare as our network and web application firewall.
  • Amazon VPC to segment our internal network.

We monitor our networks using a variety of solutions, including Cloudflare, Datadog and Sysdig.

24x7 monitoring

Our engineering team performs on-call rotations to monitor applications, software, and infrastructure using best-of-breed services that are highly reliable and compliant with industry standards.

99.9% uptime

ChartMogul’s availability consistently exceeds 99.9%.

Disaster recovery

We back up all customer data using replicas with additional backup snapshots.

Fault tolerance

Our architecture provides multiple failover instances to prevent outages due to single points of failure.

Terms of Service

ChartMogul maintains publicly available Terms of Service that further detail our security commitments to our users.

Learn more about ChartMogul's Terms of Service

Privacy Policy

ChartMogul maintains a publicly available Privacy Policy that describes our privacy commitments to our users and website visitors, and their rights.

Learn more about ChartMogul's Privacy Policy

Common Security FAQs

Need help with some common questions? Click below to browse our FAQs.

See FAQ

ChartMogul Status Page

Click below to stay informed about our current operational status and any incidents.

Learn more about ChartMogul's operational status

Request SOC 2 Report

ChartMogul continuously monitors security controls and undergoes external audits to demonstrate SOC 2 compliance. You can request our most recent SOC 2 report at the link below.

Learn more about ChartMogul's SOC 2 compliance

Questions?

Have questions, or want to learn more? Our team is ready to help! Send an email to support@chartmogul.com, or click the link below.

Contact us

Frequently Asked Questions

I am a ChartMogul customer, and there is suspicious activity in my account. What should I do?

Please contact us immediately.

I am a security researcher, and I’ve found a vulnerability in ChartMogul. How can I report it?

At ChartMogul, we welcome input from and are happy to work with security researchers. Please review our Vulnerability Disclosure Policy for more information on reporting security vulnerabilities.

Where does ChartMogul physically store my data?

ChartMogul production infrastructure lives entirely on AWS (Amazon Web Services). All persistent data (databases, file storage, temp data), along with compute power (web servers, processing machines, etc.), runs in the AWS EU Ireland Region (eu-west-1).

We store backups in AWS S3 using the same AWS Region: eu-west-1.

Is ChartMogul certified for PCI-DSS Level 1/2?

PCI-DSS is a security standard that any company that handles credit card data must comply with.

ChartMogul itself has not been audited by a PCI-certified auditor. That is because we use Stripe and Recurly to manage our subscription billing, and they handle all credit card data. Stripe and Recurly are compliant with PCI-DSS Level 1.

When handling your customers’ data to provide analytics, ChartMogul does not receive sensitive credit card details (at most, the last 4 digits of a credit card number).