Security & Compliance
Here’s why you can trust Constructor.io with your data:
Secure, hardened data centers
Our data centers are hardened and utilize security best practices, and are certified for compliance with ISO/IEC 27001:2013, 27017:2015, 27018:2019, and ISO/IEC 9001:2015.
Our globally distributed infrastructure has multiple levels of redundancy. If one data center fails or becomes unacceptably slow, we will automatically route requests to other data centers.
Data anonymization practices
We use many practices to minimize compliance risks (using anonymous IDs, stripping the last octet of IP addresses, and hashing identifiers on a website-by-website basis) to ensure anonymous user identifiers cannot be linked back to PII.
Other security features
We’re able to easily mitigate distributed denial of service attacks of any size to prevent outages.
OWASP Top 10 Compliant
We cover all bases of the O-WASP top 10 security risks of web applications.
NIST-compliant Coding Practices
We comply with NIST coding practices to minimize attack surface area.
Routine Chaos & Penetration Testing
Our dedicated security team routinely tests our infrastructure by introducing failure points and security threats in isolated environments so we can stay 1 step ahead of any potential attackers.
Top scoring in security benchmarks
Constructor’s score in the Qualys SSL analysis is at the top of the industry when compared with our top 5 competitors.
We are compliant with all major, national data privacy frameworks:
Want to disclose a security vulnerability?
We support responsible disclosure. Contact us today!
Don’t just trust us. Make us prove it.
Let us quantify the value of Constructor’s ML-backed search and discovery on your site using your data. No contract required.