Security & Compliance

Here’s why you can trust Constructor with your data

Compliant with all major data privacy frameworks

Secure, hardened data centers

Our data centers are hardened and utilize security best practices, and are certified for compliance with ISO/IEC 27001:2013, 27017:2015, 27018:2019, and ISO/IEC 9001:2015.

Redundant architectures

Our globally distributed infrastructure has multiple levels of redundancy. If one data center fails or becomes unacceptably slow, we will automatically route requests to other data centers.

Data anonymization practices

We use many practices to minimize compliance risks (using anonymous IDs, stripping the last octet of IP addresses, and hashing identifiers on a website-by-website basis) to ensure anonymous user identifiers cannot be linked back to PII.

Data anonymization practices

Other security features

DDOS Protection

We’re able to easily mitigate distributed denial of service attacks of any size to prevent outages.

OWASP Top 10 Compliant

We cover all bases of the O-WASP top 10 security risks of web applications.

NIST-compliant Coding Practices

We comply with NIST coding practices to minimize attack surface area.

Routine Chaos & Penetration Testing

Our dedicated security team routinely tests our infrastructure by introducing failure points and security threats in isolated environments so we can stay 1 step ahead of any potential attackers.

Top scoring in security benchmarks

Constructor’s score in the Qualys SSL analysis is at the top of the industry when compared with our top 5 competitors.

Want to disclose a security vulnerability?

We support responsible disclosure. Contact us today!

Don’t just trust us. Make us prove it.

Let us quantify the value of Constructor’s ML-backed search and discovery on your site using your data. No contract required.