As an integral solution used by many global brands to create and share interactive content experiences, Tiled understands the sensitivity of confidentiality, data integrity and availability required of our platform and we work hard to deliver on that promise. We use a multi-layered approach to protect that key information, constantly monitoring and improving our application, systems and processes to meet the growing demands and challenges of security.
Tiled hosts its software on Amazon Web Services (AWS).
Amazon provides an extensive list of compliance and regulatory assurances, including SOC 3, and ISO 27001. See Amazon's compliance and security documents for more detailed information.
Tiled has a SOC 2 Type 2 attestation.
We have undergone examination of our security controls against the AICPA defined standards.
Tiled is committed to ensuring compliance with the General Data Protection Regulation (GDPR).
With Tiled’s GDPR compliance framework, your interactive content experiences can be enabled to inform end-users as well as obtain their agreement in engaging with your content.
SOC2 Type 2 Tiled has certified its systems to AICPA SOC2 Type 2 level, successfully auditing the operational and security processes of our service and company.
What personal data does Tiled collect and how is it used?
Tiled collects personal data in order to provide you with the best user experience of our product and services. We also use the data to communicate with you. For example, if we need to contact you regarding your account, new products or services available, customer support, security, safety and other types of communications and marketing efforts. Although Tiled does not store IP or geo data, we do perform an IP address to city mapping in order to provide you with the best user experience of our product and services.
What are some of Tiled’s key GDPR compliance initiatives?
Tiled includes (but is not exclusive to) the following:
Secure data centers: Tiled hosts its software on Amazon Web Services (AWS) and leverages Amazon facilities in the USA. Amazon provides an extensive list of compliance and regulatory assurances, including SOC 3, and ISO 27001. Because of their stringent security measures, Tiled is able to address compliance with their certifications and third-party attestations:
Network uptime: We quantify our reliability by offering a 99.5% uptime guarantee to enterprise customers. This guarantee ensures the constant deployment of our services, 24 hours a day, 7 days a week, 365 days a year. While Tiled strives to keep our systems up at all times, we also make intermittent upgrades or improvements from time to time. Any downtime will be communicated to customers beforehand with sufficient notice.
Encryption: Because Tiled stores your valuable data and in some cases, Personal Identifiable Information (PII) (e.g. name and email), Tiled endeavors to encrypt data wherever possible. As such, we abide by two sets of encryption principles: encryption in transit (https) and encryption at REST. For the former, we aim for all data passing over the wire to be encrypted using standard HTTPS connections. For the latter, data is securely encrypted while stored in our databases. You can find more information on how data is secured here.
Password authentication: Tiled supports sign-on with a unique username and password. Only salted one-way hashes of passwords are stored by our servers, never the passwords themselves. Individual user identity is authenticated and re-verified with each transaction, using a unique token created at login.
Permission controls: We follow security best practices by using least privilege access principles to protect your data. Role-based permissions system is available to Tiled user administrators. Administrators may:
Data ownership: Tiled claims no ownership over any documents created through our services. Users retain copyright and any other rights, including all intellectual property rights, on created documents and included content. We respect your privacy and will never make your documents publicly available without permission.
Continuous monitoring: Tiled performs regular internal security design reviews. Our live systems are continuously monitored and supported; any issue will be reported and fixed as soon as possible.