
Chaser security

Chaser aims to uphold industry-leading data security and privacy standards across all operations. We safeguard your and your users’ data so that you can fully focus on transforming your accounts receivable management strategy.

This page describes the technical and organizational security measures implemented by Chaser. Chaser may update or modify these security measures from time to time provided that such updates and modifications do not result in the degradation of the overall security of the Chaser services.

 

 

Certifications

 

Chaser is actively pursuing compliance with the SOC 2 security framework.

 

 

Policies 

Security measures 

 

Data centers

 

Chaser stores its services data at physically secure data centers. We use: 

 

Data privacy 

 

Access to personal data

Personal data is protected by an appropriate level of security designed to prevent unauthorized data access. Personal data is limited to role-based access by personnel on a need-to-know basis. Personal data is encrypted in transit.

 

Password policy 

Chaser has implemented a uniform password policy for its internal services and corresponding tools and features. All passwords must fulfill defined minimum requirements and are stored in encrypted form. Users who interact with the services must use a password manager to store their passwords securely.

 

Subprocessors of customer data

  • Chaser customer data is also stored within HubSpot CRM, which is used for record management, support ticketing and sales force automation. HubSpot is hosted on ISO/IEC 27001:2013 certified infrastructure provided by Amazon Web Services (AWS). For more information on HubSpot certification, please visit HubSpot Security Program.
  • Chaser uses the Chargebee billing platform to maintain subscription information about customers, generate invoices and collect payments. Chargebee has an ISO/IEC 27001:2013 certification (see details here). For more information, please visit Compliance Certificates - Chargebee Docs.
  • Chaser uses Stripe (via Chargebee) to collect payments for our subscriptions. Stripe is a fully regulated payment services provider. For more information on Stripe, see https://stripe.com/docs/security.
  • Chaser uses the Slack collaboration and communication platform. Slack Technologies, LLC has an ISO/IEC 27001:2013 certification available here. For more information on Slack security, please visit Security at Slack.

 

Interaction with contractors 

To protect any data processed, Chaser maintains contractual relationships with its third-party suppliers. Chaser relies on contractual agreements, privacy policies, and supplier compliance procedures to protect any data processed or stored by suppliers.

 

GDPR 

Chaser adheres to GDPR requirements. We have adopted the following measures to be compliant with GDPR requirements:

  • Collect the minimum information necessary for the provision of our services.
  • Process data in a lawful manner.
  • Maintain and make available to customers a list of sub-processors, as well as the purpose of their use.
  • Market our services to customers and prospects in a manner that respects their rights under GDPR.
  • Maintain a privacy policy to describe our data collection practices.

 

Application security

 

Penetration tests

Chaser conducts penetration tests every year. The objective of the penetration tests is to identify and resolve foreseeable attack vectors and potential abuse scenarios.

 

Authentication 

Chaser requires all customers and users to set up 2-factor authentication. Free trial subscribers have 28 days to set up 2-factor authentication.

 

 

Human Resources security

 

Confidentiality agreement

Our employees and contractors are required to sign a non-disclosure agreement before starting work.

 

Security awareness

We provide security awareness training for all new employees, and all employees repeat it annually. Training is carried out through an electronic platform.

 

 

Office security

 

As Chaser conducts its business globally, we have teams in different parts of the world, including the United Kingdom, Portugal, the Philippines, and Ukraine. Due to the distribution of offices, we take security very seriously.

 

Subprocessors

  • Chaser uses the Mailgun email delivery service. For more information on the Mailgun ISO/IEC 27001:2013 certification, please visit Data Processing Agreement | Mailgun.
  • Chaser uses Nylas for enhanced email communication services. Nylas has ISO/IEC 27001:2013 certification. For more information, visit Security Certifications | Nylas.
  • Chaser uses Twilio to send SMS messages from the Chaser platform. Twilio has an ISO/IEC certificate. For more information, please visit ISO/IEC Certification | Twilio.
  • Chaser uses Creditsafe to provide credit checking and monitoring reports. Creditsafe is ISO/IEC 27001:2013 certified. For more information, please visit GDPR Customer Briefing | Creditsafe.

 

 

Frequently Asked Questions

 

Questions

Answers

How is data accessed in the cloud?

When accessing data in the cloud, we prioritize security measures beyond traditional username and password authentication. We employ Multi-Factor Authentication (MFA) and Single Sign-On (SSO) mechanisms to enhance access control and safeguard sensitive information. 

 

For further details, please refer to our data retention policy and additional information provided in our privacy policy.

What is your encryption of data in transit and at rest?

We uphold stringent encryption standards for data both in transit and at rest. Our approach ensures comprehensive protection across all accounts, assuring the confidentiality and integrity of your information.

 

Data Retention Policy: This document outlines our practices regarding the storage and deletion of data. It provides detailed information about how we manage data throughout its lifecycle, ensuring that it is retained only for as long as necessary.

 

IT Security Policy: Our IT Security Policy is designed to safeguard sensitive information and ensure the integrity, confidentiality, and availability of data. It encompasses measures related to network security, access controls, encryption, and more.

 

Privacy Policy: This policy provides a comprehensive overview of how we collect, use, disclose, and protect personal information. It also outlines individuals' rights and our commitment to compliance with relevant data protection laws.

Is there a privacy statement?

Yes, we maintain a comprehensive privacy policy that articulates our commitment to protecting personal information. You can access our privacy policy here for detailed insights into our practices and principles.

Is there a Data Processing Agreement (DPA)?

Certainly, our Data Protection Policy, which includes the Data Processing Agreement (DPA), outlines our protocols for handling and processing data securely. You can review our Data Protection Policy here for further details.

Is there a Data Protection Officer (DPO)?

Within our Data Protection Policy, we designate responsibilities and outline the role of our Data Protection Officer (DPO). For specifics regarding the DPO and our commitment to data protection, please refer to our Data Protection Policy available here.

 

 

Last updated: March 2024