CoderPad Security and Privacy Measures

Security is more than a buzzword at CoderPad; it’s a fundamental aspect of our platform. Your data’s safety is a top priority for us. Explore how we maintain a secure environment for your technical hiring.

Infrastructure and Application Security

  • CoderPad is hosted and runs on industry-standard cloud providers: Amazon Web Services, Google Cloud Platform, and Heroku. We secure our cloud infrastructure using the CIS Benchmarks.
  • We run weekly vulnerability scans and have a clear patch management policy.
  • CoderPad undergoes a yearly penetration test by an external provider. Contact our Sales team if you wish to see the latest report.  
  • We have an active Bug Bounty program where we offer rewards to anyone who identifies potential security vulnerabilities.
  • New product features and internal processes undergo peer review and security assessment prior to release. We consistently enhance security practices based on industry shifts and customer input.

Data Protection

  • We streamline authentication by providing single sign-on (SSO) capability, which allows MFA.
  • We follow privacy regulations and are GDPR and CCPA compliant. You can find more information on our privacy policy page.
  • Our data is stored using AES-256 encryption. Our web communication uses TLS 1.2 at minimum.
  • Our SOC 2 compliance certification is underway and should be confirmed by the end of 2023.
  • We use a trusted payments processor, Stripe, and never store or process your payment data. 

Internal security measures

  • CoderPad has a full-time Chief Information Security Officer (CISO), who is CISSP-certified, and a Data Privacy Officer (DPO).
  • We use multi-factor authentication for access to all critical tools.
  • All users:
    • have an Endpoint Detection and Response (EDR) security tool deployed on professional endpoints. This is monitored by a security operations center. 
    • have surface encryption on their professional endpoints
    • attend a yearly mandatory cybersecurity and privacy awareness program
  • We have and abide by a full set of internal cybersecurity policies (based on the ISO 27000 framework), including a privacy and an acceptable usage policy.

SecurityScorecard rates and continuously monitors the corporate cybersecurity of websites and gives an A-F rating based on 10 risk factors.