Chameleon has received SOC 2 Type II certification; we’ve been audited on over ~190 controls across multiple months to verify our security systems and policies meet best-in-class standards, without exception.
Chameleon has always prioritized security
Chameleon helps products be more self-service by enabling teams to create and deliver in-product experiences (such as Tooltips, Tours, Microsurveys, and Launcher checklists) without coding.
Our customers trust us with their data and load our software inside their applications to deliver these experiences to their users. Chameleon is often a business-critical system to deliver notifications, announcements, and guidance to users, and to collect key feedback and insights from them.
Security has always been of utmost importance to us; we launched our vulnerability reporting system soon after we went to market, over 5 years ago, to give ethical hackers and bug bounty hunters a chance to test our systems and report their findings. We’ve received hundreds of submissions and continually invest time in upgrading our technologies to protect against emerging threats.
One of our Enterprise customers recently said:
We conducted our own pen test against Chameleon’s systems and found them to stand up better than almost all other products.
The SOC 2 audit tested us over multiple months
Our SOC 2 Type II report evaluated key security practices over multiple months. This included how we onboard and offboard members of our workforce, how we segregate and protect customer data, how we manage our software vendors, how we enforce two-factor authentication, how we test our code, and more.
SOC (System and Organization Controls) 2 is an audit developed by the American Institute of Certified Public Accountants (AICPA) and is considered a gold standard for security accreditation amongst software companies. It measures controls against 5 “Trust Principles”: Security, Availability, Processing Integrity, Confidentiality, and Privacy.
Chameleon’s SOC 2 audit was conducted by Schneider Downs, a nationally recognized CPA firm registered with the Public Company Accounting Oversight Board.
We continuously monitor all SOC 2 controls
As part of our commitment to security by design, we implemented Drata, a continuous compliance monitoring solution. This means Drata is always monitoring our SOC 2 controls and provides a real-time snapshot of our status. We are immediately notified of any potential risks, enabling us to react quickly, and maintain the highest compliance “uptime”. We can also provide this real-time report of our compliance to customers, so they can be confident we are always meeting our commitment to be best-in-class.
Chameleon has always been built securely, uses secure vendors, and has a strong team enabling this. Receiving the SOC 2 certification was the culmination of many years of strong security practices.
Chameleon is also GDPR and CCPA compliant
Chameleon maintains GDPR and CCPA compliance, meaning we adhere to the strictest regulations on data privacy and protection.
Chameleon does not collect any personal data by default, and offers our customers and their end-users the key rights enshrined in GDPR (such as the right to opt out and the right to be forgotten).
In addition, Chameleon regularly conducts external pen tests and vulnerability assessments, maintains key insurances, and offers SSO for customers. To sign a DPA with Chameleon, please email us at firstname.lastname@example.org.
You’re in safe hands at Chameleon
The Chameleon team knows the importance of data and system security and we are committed to upholding the trust our customers place in our software.
To learn more please leverage the following resources:
Read our security statement here
Visit our Security & Privacy help center here
Review our responsible disclosure program here
View Chameleon’s system status and uptime here
Email us here for any security questions or to request a summary of our SOC 2 report