Blog Features

Custify Security, Compliance, and Data Privacy Pratices & Certifications

Updated on March 24, 2023 3 minutes read

Summary points:

At Custify, we take the security of our customers’ data very seriously. That’s why we’ve made sure that our internal data handling processes comply with key data security standards and regulations.

SOC 2 Type II

Cusitfy has been certified as SOC 2 Type 2 compliant following a comprehensive evaluation by an independent auditor.

Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 is the leading framework for secure customer data management. It is based on the following five key principles, also known as the “trust service principles” (TSPs):

  • Security: Whether the system (in our case, the Custify platform) is protected against unauthorized access, misuse, theft, or alteration of information.
  • Availability: Whether the system is accessible as defined by the conditions of a contract or service level agreement (SLA).
  • Processing integrity: Whether the system delivers on its purpose and functions reliable, accurately, and in a timely manner.
  • Confidentiality: Whether the confidential information within the platform can only be accessed by an authorized party.
  • Privacy: Whether the platform’s handling of customers’ personally identifiable information (PII) complies with the AICPA’s Generally Accepted Privacy Principles (GAPP).

An SOC 2 certification is awarded by an independent third-party evaluator following a lengthy audit of the company’s data security practices. There are two types of SOC 2 audits and, respectively, certification:

  • Type 1, which evaluates an organization’s data security practices at a given point in time. A Type 1 audit is usually performed to establish whether the organization has any data security measures in place to begin with.
  • Type 2, which evaluates an organization’s data security practices over a certain period of time (usually between 3 and 12 months). A Type 2 audit is a superior standard compared to Type 1 and established whether the organization’s data security measures are functioning as intended.

ISO/IEC 27001

Custify is fully compliant with the ISO/IEC 27001 standard of information security management.

Created by the International Organization for Standardization (ISO) in collaboration with the International Electrotechnical Commission (IEC), ISO/IEC 27001 is the world’s most prominent information security standard.

The purpose of an ISO/IEC 27001 is to establish whether an organization has implemented an information security management system (ISMS). An ISMS is a combination of hardware, software, and internal processes that enables the organization to protect sensitive information, including customer data.

This includes rigorous guidelines for:

  • Collecting data
  • Storing data
  • Using data
  • Assessing and mitigating data security risks
  • Continuously improving data security practices

Just like with SOC 2, an ISO/IEC 27001 certification is issued to an organization by an independent third-party auditor based on 93 parameters. A successful certification means that the organization fulfills the key three principles of the ISO/IEC 27001 standard:

  • Confidentiality: The information is only accessible by authorized stakeholders.
  • Integrity: The information can only be altered by authorized stakeholders.
  • Availability: The information can be accessed by authorized stakeholders on demand.


Custify maintains an active compliance with General Data Protection Regulation (GDPR) in full accordance with EU legislation.

Implemented in 2018, GDPR outlines the data privacy and security requirements across the entire European Economic Area (EEA).

GDPR compliance is mandatory for every organization that targets or collects data from EEA citizens or residents, regardless of where the organization is based.

Google / Microsoft 365 SSO

Custify supports enforceable single sign-on (SSO) for both Google Workspace and Microsoft 365 in an extra effort to mitigate data risks.

Single sign-on is a feature that allows employees or users to access an organization’s online apps and services with a single set of login credentials. It also allows the company to easily manage or remove access if needed.

Role-Based Access

Custify offers flexible role-based access control for enhanced data security.

In Custify, admins can control what data their teammates can access based on their roles in the organization. More specifically, they can set up specific roles with custom permissions and assign them to individual users.

This follows the Confidentiality principle of the SOC 2 standard and helps ensure that sensitive information is only accessible to authorized users.

Get in touch

At Custify, we aim to continuously improve and strengthen our internal data security processes. The safety of our customers’ data is our top priority, and our team works hard to ensure it.

If you have any further questions about how we handle your data, feel free to refer to our Privacy Policy and GDPR Data Protection Addendum. Or, reach out to us at contact[at]

Philipp Wolf

Written by Philipp Wolf

As the CEO of Custify, Philipp Wolf helps SaaS businesses deliver great results for customers. After seeing companies spend big money with no systematic approach to customer success, Philipp knew something had to change. He founded Custify to provide a tool that lets agents spend time with clients—instead of organizing CRM data.

You might also enjoy:

Best Practices

Value Realization Framework in SaaS: A Strategy to Exceed Customer Expectations

Profitability in SaaS is more often than not a tightrope act between development, marketing, and customer success. And …

Customer Success

How To Hire A Customer Success Manager The Right Way

Customer success managers improve the customer experience (CX) of any business. It’s probably the most essential part of …

Customer Success

The 13 Most Eye-opening Customer Success Webinars | 2022 List

Since the CS world is constantly full of brilliant talks, we know many of you’ve been waiting for …


Notice: This website or its third-party tools use cookies, which are necessary to its functioning and required to achieve the purposes illustrated in the privacy policy. If you want to know more or withdraw your consent to all or some of the cookies, please refer to the privacy policy. By closing this banner, scrolling this page, clicking a link or continuing to browse otherwise, you agree to the use of cookies.