Trust, Security, and Privacy at Whistic

Our commitment to customer trust


We strive to embody the values of the Security First Initiative by transparently sharing our security and privacy posture, including the “why” behind our approach to building the Whistic Network.

We hold ourselves responsible to act as an extension of your brand as you invite your customers or vendors into the Whistic Network.

Building a vendor network

The Whistic Vendor Security Network

Learn more about the Whistic Vendor Security Network and our approach to achieving our vision together with our customers. 


Our commitment to security to better protect your data

We are actively building out a security team with experience in building and running a best-in-class security function and with a deep understanding of vendor risk, a team that can also help as internal customers.

Whistic is SOC 2 Type 2 compliant and working toward ISO 27001. We constantly work to improve our processes and compliance posture to ensure we meet the needs of our customers and build for the future.


We seek to continuously invest in cutting-edge technologies to protect our systems and data.

Security at Whistic

Our Whistic Profile

If you'd like detailed information about our security posture, including compliance audits and certifications, questionnaires, policies, and third-party attestations, this can all be accessed via our Whistic Profile.


Our commitment regarding the data we collect from you and those you invite into the Whistic Network

We only collect data that has a purpose

Every piece of data we collect has a purpose. We regularly review our processes to ensure that we do not collect data we do not need.

We don’t sell your data

It’s as simple as it sounds: we will never sell your data.

We respect your right to control who has access to your data

Data sharing is fundamental to the success of the Whistic Network, and as a result we believe in giving you the ability to control how and with whom your data is shared.

Whistic Privacy & Trust

Privacy Policy and Terms of Service

If you’d like to learn more about how Whistic approaches Privacy and our commitment to your Personal Data, please read our Privacy Policy. If you’d like to learn more about how you control the sharing of your Customer Data, please read our Terms of Service.


As what we are doing has never been done before, we take feedback seriously and are constantly seeking input from those helping to build the Vendor Security Network with us. Please reach out to us to engage on these topics.




Will you ever share or sell our data to a third party?

Whistic will never sell your data to a third party, and we will only share it with third parties if you have given us permission to do so. We give you the ability to control how and with whom your data is shared, as outlined in our Privacy Policy and Terms of Service.

Do my customers or vendors that are invited into Whistic get marketed to?

Not unless they consent to receive marketing from Whistic. We do engage in educational communication with new users as outlined in this FAQ. 

What content do you send to my customers or vendors that are invited into Whistic?

We use a combination of emails and in-product actions to welcome free users, educate them, ask for product feedback, and support them. We may also use video or phone calls to educate, assist, and support free users with their Whistic account in order to help them understand:

·  What the Whistic Network is and how assessments work in the Network.
·  What benefits they get as a part of their free Whistic account and as a new user in the Network, including the Network activity related to their account.
·  How they can use their free Whistic account to prepare for their next assessment.

What types of data are you collecting about my company/our security posture?

You can find the complete list in our Privacy Policy. Every piece of data we collect about your company has a purpose, whether that be to enrich your user experience, help your customers assess your business faster, or improve the platform. We regularly review our data collection processes to ensure that we aren’t collecting data we don’t need.

Do you treat your communication differently based on geography?

We ensure we adhere to local geographic privacy requirements for our users. For example, we only send product-related emails/reminders to EU-based users and no other communications without explicit consent.