Announcing Chameleon’s SOC 2 Type II certification

Chameleon has received SOC 2 Type II certification; we’ve been audited across over ~190 controls over multiple months to verify our security systems and policies meet best-in-class standards, without exception. 

Chameleon helps products be more self-service by enabling teams to create and deliver in-product experiences (such as Tooltips, Tours, Microsurveys, and Launcher checklists) without coding. 

Our customers trust us with their data and load our software inside their applications to deliver these experiences to their users. Chameleon is often a business-critical system to deliver notifications, announcements, and guidance to users, and to collect key feedback and insights from them. 

Security has always been of utmost importance to us; we launched our vulnerability reporting system soon after we went to market, over 5 years ago, to provide a chance to ethical hackers and bug bounty hunters to test our systems and report their findings. We’ve received hundreds of submissions and continually invest time in upgrading our technologies to protect against emerging threats. 

One of our Enterprise customers recently said:

Our SOC 2 Type II report evaluated key security practices over multiple months. This included how we onboard and offboard members of our workforce, how we segregate and protect customer data, how we manage our software vendors, how we enforce two-factor authentication, how we test our code, and more. 

SOC (System and Organization Controls) 2 is an audit developed by the American Institute of Certified Public Accountants (AICPA) and is considered a gold standard for security accreditation amongst software companies. It measures controls against 5 “Trust Principles”: Security, Availability, Processing Integrity, Confidentiality, and Privacy.

Chameleon’s SOC 2 audit was conducted by Schneider Downs, a nationally recognized CPA firm registered with the Public Company Accounting Oversight Board. 

As part of our commitment to security by design, we implemented Drata, a continuous compliance monitoring solution. This means Drata is always monitoring our SOC 2 controls and provides a real-time snapshot of our status. We are immediately notified of any potential risks, enabling us to react quickly, and maintain the highest compliance “uptime”. We can also provide this real-time report of our compliance to customers, so they can be confident we are always meeting our commitment to be best-in-class. 

Chameleon maintains GDPR and CCPA compliance, meaning we adhere to the strictest regulations on data privacy and protection. 

Chameleon does not collect any personal data by default, and offers our customers and their end-users the key rights enshrined in GDPR (such as the right to opt-out and the right to be forgotten.) 

In addition, Chameleon regularly conducts external pen tests and vulnerability assessments, maintains key insurances, and offers SSO for customers. To sign a DPA with Chameleon, please email us at security@trychameleon.com. 

The Chameleon team knows the importance of data and system security and we are committed to upholding the trust our customers place in our software. 

To learn more please leverage the following resources:

• Read our security statement here

• Visit our Security & Privacy help center here

• Review our responsible disclosure program here

• View Chameleon’s system status and uptime here

• Email us here for any security questions or to request a summary of our SOC 2 report
  

If you’re interested in trying Chameleon, you can sign-up for a free account here or contact us for a personalized demo.