Security, Privacy andTrust at Deserve
Security
We take security seriously and maintain a comprehensiveapproach across our people, processes and technology.
People
Our training and awareness programs ensure that security and privacy are at the core of all our engineering and operations. We also actively monitor, manage and continuously improve the security across Deserve.
Processes
Our robust security governance program includes strong access control, environment monitoring, security reviews as well as external penetration testing. We regularly enhance our security posture to better protect customer data.
Technology
Every facet of our AWS-based architecture and security operations is optimized to maximize security for data at Rest and in Transit. We deploy state-of-the-art threat response and device management tools to keep ahead of emerging threats.
Privacy
We protect our customers’ financial data and personalinformation as securely as we would our own.
Privacy by Design
Our products and offerings are designed with privacy in mind. We conduct Privacy Impact Assessments for all projects and enhancements.
Confidentiality
Our employees only access personal data to the extent necessary to perform services, and we require all third party service providers to adhere to the same privacy practices.
Privacy Management
We have dedicated resources focused on maintaining compliance with the latest privacy protecting regulations and policies. We also perform regular internal audits of our privacy practices and train all employees on data privacy.
Trust & Compliance
We’re SOC 1 Type II and SOC 2 Type II compliant. We undergo annual examinations and testing by an independent audit firm, and the results confirm our design and operating effectiveness of internal controls for security across our business.
We’re a PCI DSS 3.2.1 compliant Level 1 merchant. We maintain compliance with the current version of the PCI Data Security Standard (DSS) in order to ensure safe and secure handling of credit card holder information.