# Protecting your IT data

Stitchflow meets the highest industry standards, designed to protect your data with security, privacy, and compliance prioritized from day one.

[Learn more in our whitepaper](https://cdn.sanity.io/files/j4v4qlw8/production/f1cffafdbc33b4a0bf635031bf7ec120ff442896.pdf)

### SOC 2 Type II

Stitchflow meets AICPA SOC 2 Type II criteria for securely managing customer data.

### GDPR

Stitchflow complies with GDPR standards for protecting personal data and privacy.

### CCPA

Stitchflow complies with CCPA regulations for safeguarding California consumer‘s privacy.

## Product security

### Encryption

Service data is protected during transmission (TLS 1.2+) and at rest (AES-256).

### Role-based access controls

We offer fine-grained RBAC to manage who can access specific data.

### CSV synchronization

We offer CSV syncs as a flexible alternative to API integrations.

### Read-only access

We support read-only access for every integration.

## Organizational security

### Dedicated security team

A security expert oversees data security and compliance.

### Regular penetration testing

We perform third-party assessments to address application security flaws.

### Incident response

We have established procedures for promptly detecting and addressing security issues.

### Employee security training

Our employees receive regular training on information security, data protection, and privacy regulations.

### Background checks and NDAs

All employees go through background checks and sign non-disclosure agreements agreements.
