How Purefy Protects Your Data
Calculating your real-time rates from the industry's best lenders...
Our Personnel Practices
- All Purefy contractors and employees undergo background checks prior to being engaged or employed by us in accordance with local laws and industry best practices.
- Confidentiality agreements are signed by all employees, contractors, and others who have a need to access our systems.
- We embed the culture of security into our business by conducting employee security training & testing using current and emerging techniques that attack vectors.
Secure Development and Testing
Software development is conducted in line with OWASP Top 10 recommendations for web application security.
Keeping Our Cloud Data Secure
- All data is encrypted at rest and in transmission using financial-grade tech to prevent any unauthorized access and prevent data breaches.
- Our entire platform is continuously monitored using Microsoft cloud defense tools and subject to third-party penetration testing and vulnerability scanning.
- Purefy uses role-based access controls, meaning that only Purefy’s most senior technology and security administrators have access to your most sensitive data.
InfoSec Compliance
Purefy’s external certification process provides independent assurance of our dedication to protecting your data. We use trusted third parties to regularly assess and validate the protections and effective security practices Purefy has in place.
SOC 2 Type 2
Purefy successfully completed the AICPA Service Organization Control (SOC) 2 Type II audit. The audit confirms that Purefy’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security.
Purefy was audited by Prescient Assurance, a leader in security and compliance certifications for technology companies worldwide. Prescient Assurance is a registered public accounting firm in the US and Canada.
The unqualified opinion on our SOC 2 Type II audit report demonstrates that we manage customer data with the highest standard of security and compliance.