Security & Compliance

Here's why you can trust Constructor.io with your data:

Learn More

Secure, hardened data centers

Our data centers are hardened and utilize security best practices, and are certified for compliance with ISO/IEC 27001:2013, 27017:2015, 27018:2019, and ISO/IEC 9001:2015.

Redundant architectures

Our globally distributed infrastructure has multiple levels of redundancy. If one data center fails or becomes unacceptably slow, we will automatically route requests to other data centers.

Data anonymization practices

We use many practices to minimize compliance risks (using anonymous IDs, stripping the last octet of IP addresses, and hashing identifiers on a website-by-website basis) to ensure anonymous user identifiers cannot be linked back to PII.

Other security features

DDOS Protection

We're able to easily mitigate distributed denial of service attacks of any size to prevent outages.

OWASP Top 10 Compliant

We cover all bases of the O-WASP top 10 security risks of web applications.

NIST-compliant Coding Practices

We comply with NIST coding practices to minimize attack surface area.

Routine Chaos & Penetration Testing

Our dedicated security team routinely tests our infrastructure by introducing failure points and security threats in isolated environments so we can stay 1 step ahead of any potential attackers.

Top scoring in security benchmarks

Constructor’s score in the Qualys SSL analysis is at the top of the industry when compared with our top 5 competitors.

Compliance

We are compliant with all major, national data privacy frameworks:

CCPA

Want to disclose a security vulnerability?

We support responsible disclosure. Contact us today!
Contact Security Team

Deliver better results from search

Talk with a solutions consultant to launch intelligent eCommerce product discovery.