Security and Compliance

Overview

At Wizeline, we understand the critical nature of security and privacy around your product plans. With that in mind, the security of our customers’ data is an uncompromised priority.
Security has been integrated into the architecture of our products and services, and as part of the processes and practices of our staff. Therefore, all our platforms, infrastructure, applications and operations must comply with minimum security levels required by applicable laws/regulations, professional organizations and industry practices.

Infrastructure

Wizeline computing infrastructure is built and hosted with top level cloud providers, including Amazon AWS, Google Cloud and Microsoft Azure. We implement secure, scalable and distributed architectures to ensure that all our products are protected and available.
All our cloud providers have been accredited under ISO 27001, SOC 1/ SOC 2, PCI DSS Level 1, CSA Controls, among other certification and validation programs.

Applications and Development

Our engineers employ secure coding practices to ensure that all our products comply with a high level of security. Additionally, the applications pass through a robust process of quality assurance and security assessment.
The security level of the products can be customized according to our customers’ needs, always considering the best practices recommended by professional organizations (for example, least privilege principle, segregation of duties, encryption of sensitive data, restoration and recovery strategies, role-based and strong access mechanisms). Such practices have been implemented for our internal applications and processes.

Internal Operations

We follow a strict code of behavior and security, which is backed up and defined by a set of comprehensive policies and procedures which govern our internal processes. The policies and procedures consider ownership, access control, data classification and handling, incident response, business continuity and disaster recovery, continual security training, change management, risk management, among others.
We count with a Security Team which monitors the compliance of such policies, enforce/implement the security controls, and evaluates our security posture for continual improvement. Additionally, our DevOps Teams are trained to implement the most secure practices and configurations in all our infrastructure and in the platforms supporting the products.
Our staff is continuously trained in security topics, including Confidentiality, Privacy, Secure Operations, and Coding.

Privacy

Wizeline respects the applicable laws and regulations of the jurisdiction where we operate. Therefore, to protect our customers’ privacy and product users, we defined a privacy framework to attend the requirements of individuals and agencies. Additionally, our systems have been reviewed and strengthen to protect all personal data.
Also, we comply with the principles outlined by the General Data Protection Regulation (GDPR), and we are certified by the U.S. Department of Commerce according to the Privacy Shield Framework.

Privacy ShieldPrivacy Shield

You can read our Privacy Policy in the following link

If your use of the Services requires Wizeline to process Personal Information falling within the scope of GDPR, you may obtain and execute Wizeline’s Data Processing Addendum (“DPA”) by contacting us at privacy@wizeline.com

Compliance

Our consulting services and the Chatbot product are certified about the principles of Security, Availability and Confidentiality through a SOC 2 Type I report. SOC 2 is a report obtained through the evaluation of our products/services based on the Trust Principles outlined by the American Institute of Certified Public Accountants (AICPA). You can request, under acceptance of our Non-Disclosure Agreement (NDA), our SOC 2 report.

SOC-AICPA

If you want to know more about our security, privacy and compliance practices and initiatives, write us to security@wizeline.com.