Our website use cookies. By continuing navigating, we assume your permission to deploy cookies as detailed in our Privacy Policy.
Accept  cookies

Rupert Trust Center

Users trust us with their identity, their data assets, their thoughts and conversation.
We reciprocate with the utmost honesty and transparency.
We are clear and up front about what’s happening and why.

Security
Data privacy
Compliance

Security

Access Management

  • Rupert adheres to the principles of least privilege and role-based permissions when provisioning access; employees are only authorized to access data that they reasonably must handle in order to fulfill their current job responsibilities.
  • Rupert employs multi-factor authentication for access to internal systems, including VPN requirements for engineers connecting to the application environment


Encryption

  • Rupert encrypts data using industry standard protocols
  • Data in transit is encrypted using TLS 1.2 or higher
  • Data at rest is encrypted using AES-256.
  • Key management is in place for production services


Endpoint Security

  • All workstations issued to Rupert personnel are configured by Rupert to comply with our standards for security.
  • These standards require all workstations to be properly configured, updated, and tracked and monitored by Rupert’s endpoint management solution.
  • Rupert’s default configuration sets up workstations to encrypt data at rest, have strong passwords, and lock when idle.
  • Workstations run up-to-date monitoring software to report potential malware.


Network Security

  • Rupert uses Google Cloud Platform for its infrastructure hosting, and makes use of Google Cloud Armor to protect against web attacks


System Monitoring and Alerting

  • Rupert implements continuous monitoring of its infrastructure and application to ensure optimal availability. Issues are automatically identified and alerted to the appropriate team members, to ensure quick response and remediation.


Penetration Testing

  • Rupert engages independent entities to conduct application-level and infrastructure-level penetration tests annually
  • Results of these tests are prioritized and remediated in a timely manner



Disaster Recovery and Business Continuity Plan

  • Rupert utilizes services deployed by its hosting provider to distribute production operations across regions. These distributed areas protect Rupert’s service from loss of connectivity, power infrastructure, and other common location-specific failures.
  • Rupert performs daily backups and replication for its core database and supports restore capability to protect the availability of Rupert’s service in the event of a site disaster affecting any of these locations.



Incident Response Plan

  • Rupert has established policies and procedures for responding to potential security incidents.
  • All security incidents are managed by Rupert’s dedicated Incident Response Team. The policies define the types of events that must be managed via the incident response process and classifies them based on severity.
  • In the event of an incident, affected customers will be informed in a timely manner. Incident response procedures are tested and updated at least annually.

Data Privacy

Data Sharing and Processing

  • Rupert follows GDPR and CCPA guidelines to ensure data protection obligations to its customers. This includes only collecting, processing, and storing customer data in compliance with these obligations and providing customers the right to access or delete it at any time.


Data Retention and Disposal

  • Rupert maintains a record retention schedule that complies with legal, regulatory, and operational requirements.
  • Rupert performs safe and secure disposal of electronic and paper records, taking into consideration the confidential and sensitive nature of any customer data.


Third-party Vendor Management

  • Rupert has established agreements that require sub processors to adhere to confidentiality commitments and take appropriate steps to ensure a proper security posture is maintained.
  • Rupert monitors these sub processing vendors by conducting reviews of their controls before use and at least annually.


Compliance

Rupert prioritizes compliance efforts to ensure the requirements of customers and regulators are met.

Rupert maintains compliance with the following standards

  • ISO 27001
  • GDPR
  • CCPA
  • HIPAA

SOC 2

Rupert utilizes enterprise-grade best practices to protect our customers’ data, and works with independent experts to verify its security, privacy, and compliance controls, and has achieved SOC 2 Type report against stringent standards.

SOC 2 Report
We work with an independent auditor to maintain a SOC 2 report, which objectively certifies our controls to ensure the continuous security of our customers' data.

Developed by the Assurance Services Executive Committee (ASEC) of the AICPA, the Trust Services Criteria is the set of control criteria to be used when evaluating the suitability of the design and operating effectiveness of controls relevant to the security, availability, or processing integrity of information and systems, or the confidentiality or privacy of the information processed by the systems at an entity, a division, or an operating unit of an entity.

Continuous Security Control Monitoring
Rupert uses Drata’s automation platform to continuously monitor 100+ security controls across the organization. Automated alerts and evidence collection allows Rupert to confidently prove its security and compliance posture any day of the year, while fostering a security-first mindset and culture of compliance across the organization.

Employee Trainings
Security is a company-wide endeavor. All employees complete an annual security training program and employ best practices when handling customer data.

Penetration Tests
Rupert works with industry leading security firms to perform annual network and application layer penetration tests.

Secure Software Development
Rupert utilizes a variety of manual and automatic data security and vulnerability checks throughout the software development lifecycle.

Data Encryption
Data is encrypted both in-transit using TLS and at rest.

Vulnerability Disclosure Program
If you believe you’ve discovered a bug in Rupert’s security, please get in touch at support@hirupert.com. Our security team promptly investigates all reported issues.

HIPAA

Rupert utilizes enterprise-grade best practices to protect our customers' sensitive health information, and uses Drata to verify its security, privacy, and HIPAA compliance controls.

About HIPAA
HIPAA is a federal law that requires the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.

Drata’s HIPAA product provides an automated approach to ensuring that organizations can demonstrate compliance.

Continuous Security Control Monitoring
Rupert uses Drata’s automation platform to continuously monitor security controls across the organization. Automated alerts and evidence collection allows Rupert to confidently prove its commitment to protecting your sensitive health information any day of the year, while fostering a security-first mindset and culture of compliance across the organization.

Employee Trainings
Security is a company-wide endeavor. All employees complete an annual HIPAA training program and employ best practices when handling customers' private health information.

Secure Software Development
Rupert utilizes a variety of manual and automatic data security and vulnerability checks throughout the software development lifecycle.

Data Encryption
Data is encrypted both in-transit using TLS and at rest.

Vulnerability Disclosure Program
If you believe you’ve discovered a bug in Ruperts security, please get in touch at support@hirupert.com. Our security team promptly investigates all reported issues.

“ We pushed for full data democratization from our inception. Outcome? Business users used data inconsistently and we, the data team, lost sight of the analytics service quality they are getting.

With Rupert, we can easily control and contextualize what the business should use and allow them to do so completely self-serve, cutting time to trusted insight to zero.”

Alex
Head of Data Science

Loved by top data teams

Book a demo with a product specialist

👍
We’re on it!

Our product specialists will reach out soon. In the meantime check out our blog for the latest from Rupert

Oops! Something went wrong while submitting the form.

Product

How it works

Company

About UsCareersPrivacyTerms and Conditions

Resources

BlogFAQTrust Center

Follow Us

LinkedInTwitterInstagramFacebookYouTube

Copyright Rupert @ 2023. All Rights Reserved