
Security & Compliance Statement

At ChallengeWord LLC, security is at the core of everything we do. We understand that our customers - especially those in finance, healthcare, and other regulated industries - require a high level of trust, data protection, and compliance. While ChallengeWord LLC is not currently SOC 2 or ISO 27001 certified, we leverage Heroku’s SOC 1, SOC 2 Type II, and ISO 27001-compliant infrastructure to provide a secure and reliable platform for our users.

Infrastructure Security

Our platform is hosted on Heroku, a trusted cloud provider that maintains SOC 1, SOC 2 Type II, and ISO 27001 certifications. This means our infrastructure benefits from industry-leading security standards, including:

  • Data Encryption: All data is encrypted at rest and in transit using AES-256 and TLS 1.2+.
  • Access Controls: Role-based access control (RBAC) and multi-factor authentication (MFA) protect critical systems.
  • Regular Security Audits: Heroku undergoes independent third-party audits to validate compliance with security best practices.

Application Security

We implement rigorous security measures within our application, including:

  • End-to-End Encryption: All user interactions are secured via TLS encryption.
  • Authentication & Access Management: ChallengeWord integrates with Single Sign-On (SSO) providers to enhance security.
  • Real-Time Monitoring: We continuously monitor logs and access patterns to detect unauthorized activity.

Data Privacy & Compliance

While ChallengeWord does not process or store Protected Health Information (PHI) or financial transaction data, we align our practices with industry standards for handling sensitive information responsibly.

  • GDPR & CCPA Readiness: We provide users with control over their data, including the ability to request access, modifications, or deletion.
  • Data Minimization: We only collect and store the minimum data necessary for service functionality.

Business Continuity & Disaster Recovery

We take proactive steps to ensure high availability and resilience:

  • Automated Backups: Data is backed up daily with secure retention policies.
  • 9% Uptime Commitment: Our cloud infrastructure is designed for redundancy and fault tolerance.
  • Incident Response Plan: We have a documented incident response process to swiftly handle potential security events.

Third-Party Security & Vendor Management

We carefully select and vet third-party vendors to ensure they meet our security and compliance requirements. This includes:

  • Heroku (SOC 2, ISO 27001) for managed hosting and infrastructure.
  • Cloudflare (SOC 2, ISO 27001, PCI DSS) for content delivery and DDoS protection.
  • Microsoft & Google Authentication for federated identity and SSO integrations.

Customer Security Responsibilities

While we implement strong security controls, we also encourage our customers to follow best practices, such as:

  • Using Strong Passwords and enabling Multi-Factor Authentication (MFA) where applicable.
  • Verifying Communications using ChallengeWord’s security features.
  • Reporting Security Concerns to our team immediately.

Contact Us

If you have any security or compliance-related questions, please reach out to us at support@challengeword.com. Our team is committed to maintaining a secure and trusted platform for all our users.