Whistic and Google Cloud collaborate to enable proactive vendor security. Learn more
We strive to embody the values of the Security First Initiative by transparently sharing our security and privacy posture, including the “why” behind our approach to building the Whistic Network.
We hold ourselves responsible to act as an extension of your brand as you invite your customers or vendors into the Whistic Network.
We are actively building out a security team with experience not only in building and running a best in class security function but also with a deep understanding of vendor risk who can help as internal customers.
Whistic is SOC 2 Type 2 compliant and working toward ISO 27001. We constantly work to better improve our processes and compliance posture to ensure we meet the needs of our customers and build for the future.
We seek to continuously invest in cutting edge technologies to protect our systems and data.
Every piece of data we collect has a purpose. We regularly review our processes to ensure that we do not collect data we do not need.
It’s as simple as it sounds: we will never sell your data.
Data sharing is fundamental to the success of the Whistic Network and as a result, we believe in giving you the ability to control how and to whom your data is shared.
Not unless they consent to receive marketing from Whistic. We do engage in educational communication with new users as outlined in this FAQ.
We use a combination of emails and in-product actions to welcome free users, to educate them, ask for product feedback and support them. We also may use video or phone calls to educate, assist and support free users with their Whistic account in order to help them understand:
· What the Whistic Network is and how assessments work in the Network.
· What benefits they get as a part of their free Whistic account and as a new user in the Network, including the Network activity related to their account.
· How they can use their free Whistic account to prepare for their next assessment.
We ensure we adhere to local geographic privacy requirements for our users. For example, we only send product-related emails/reminders to EU-based users and no other communications without explicit consent.