Whether it is with development best practices, various controls, compliance with privacy regulations, or adherence to security standards, we work hard to ensure our systems and infrastructure are protected against unauthorized or accidental access, loss, alteration, disclosure, or destruction.
Termly is committed to meeting our customers’ data protection and data security needs. Our Security FAQ delivers a summary of our practices and policies, which help us keep your personal information safe and secure.
Adhering to industry standards is a must, this is why we started our journey to meet the requirements of the SOC 2 Type II attestation.
SOC 2 type II is a security framework that involves a range of practices and policies that are verified through a third-party audit and then presented in a SOC 2 compliance report. Requirements to be SOC 2 compliant cover data management practices in 5 areas: Security, Availability, Confidentiality, Integrity, Privacy.
As this process involves developing numerous practices and policies as well as adherence from all our employees, we take our time to ensure we deliver the right level of security throughout our entire organization. We will keep you posted!
Termly is hosted on a logically separated and distributed AWS cloud infrastructure. We do experience downtime events when AWS infrastructure does, but those are infrequent and usually limited to a handful of specific services.
All system and infrastructure downtime events are logged and researched by the infrastructure and software teams, and appropriate, commercially reasonable measures are taken in response to each event.
Current status, as well as recent incidents, can be found on our System Status page.
How is the personal data of your users handled by our Consent Management Platform?
When you use our Consent Management Platform – including our cookie scanner, cookie banner, and consent manager – the personal data of your users are processed by Termly’s app.
When collecting your users’ consent, our platform first processes their location to determine which consent banner to display according to the parameters you set. Once your users have chosen their consent preferences, their consent logs are created in our app.
Consent logs include the following personal data of your users:
User ID
IP address anonymized
IP country, Browser/device version
Cookie preferences
Consent date & time
Website url
Consent page url
Only you, and in some limited instances Termly employees, may have access to this information. Consent logs are stored and encrypted on Amazon Web Services’ servers in the United States.
How is the personal data of your users handled by our DSAR form?
When your users submit a privacy request through our DSAR portal – part of our Consent Management Platform DSAR Manager – their personal data are processed by Termly’s app.
Privacy requests submitted through this portal include the following personal data:
User ID
Website ID
User name
User email
Time submitted
Any information submitted on the form such as request type, agent requesting, relevant law, etc.
Only you, and in some limited instances Termly employees, may have access to this information. DSAR forms are stored and encrypted on Amazon Web Services’ servers in the United States.
How does Termly handle your privacy requests?
When you submit a privacy request – either by email, through our dedicated portal, or any other channel – we will automatically send you a confirmation that we have received it.
Depending on the type of request you make, your location, and the applicable legislation, we will let you know the applicable time for us to treat your request.
Once we have completed it, we will send you a confirmation.
Should you sign a Data Processing Agreement with Termly?
Yes, we recommend you sign a Data Processing Agreement with us. It’s a requirement under the GDPR and the CCPA — known as a Service Agreement — and it sets out the terms on which you may request us to process personal data on your behalf.
If you are using our services, we provide a Data Processing Agreement. We encourage you to contact us to make sure that our processing and data protection practices are in line with your organization’s.
