Information Security and Compliance

GTM Buddy is SOC 2 Type 2 compliant

To maintain the trust of our global customer base, we continually invest in and upgrade our information security policies and practices.

Your trust is at the heart of what we do. In addition to being SOC 2 Type 2 compliant, GTM Buddy is GDPR compliant as well.

We’ve Got You Covered

We’ve made it our priority to deliver you high-quality services without disruptions.

Comprehensive Backups

All data stored by GTM Buddy is backed up daily. To prevent data loss, we regularly restore and test all backups.

Scalable Infrastructure

All customer data is stored and backed up in highly secure AWS data centers. Please check AWS’s data center page to learn more about their practices.

Robust Recovery

Our disaster recovery plan is tested annually by restoring critical data. We back up data regularly, with RTOs and RPOs set to a maximum of 24 hours.

Incident Management

We follow an iterative approach to investigate issues, contain exploitations, remediate vulnerabilities, and document lessons learned.

Keeping You, Your Data, and Your Users Secure

Our strong security culture protects you from cyber threats and helps mitigate business risk.

Data Security

We use the latest encryption standards to secure data at rest and in transit. We also protect data stored on employee laptops and external storage devices.

User Authentication

We streamline user access without compromising security. We integrate with your SSO/MFA solution for a hassle-free login experience. 

Vulnerability and Penetration Testing

Our infrastructure is regularly scanned for vulnerabilities. Additionally, we work with penetration testing providers to uncover security loopholes and threats.

Access Controls

A philosophy of least privilege underpins our approach to access controls. Employees have only the minimum level of access required to do their jobs.

Where We Stand

We take a holistic approach to information security to safeguard your information from cyberattacks and unwarranted breaches.

Operating Principles

Keeping customer information secure, accessible, and confidential is our highest priority.

Training Programs

Employees are required to complete security training within 30 days of joining and to attend refresher courses annually.

Security Reviews

External vendors rigorously evaluate our security controls, and we can share these security reports with you under NDA.

Background Screening

Background checks are conducted for all new employees during the hiring process to mitigate further risks.