CoderPad Security and Privacy Measures

Security is more than a buzzword at CoderPad; it’s a fundamental aspect of our platform. Your data’s safety is a top priority for us. Explore how we maintain a secure environment for your technical hiring.

Infrastructure and Application Security

  • CoderPad is hosted and runs on industry-standard cloud providers: Amazon Web Services, Google Cloud Platform, and Heroku. We secure our cloud infrastructure using CIS Benchmark.
  • Our SOC2 report, issued by the American Institute of CPAs (AICPA), shows our commitment to our strict information security policies and procedures to protect all of our data from breaches and unauthorized access.
  • We run weekly vulnerability scans and have a clear patch management policy.
  • CoderPad undergoes a yearly penetration test by an external provider. Contact our Sales team if you wish to see the latest report.  
  • We have an active Bug Bounty program where we offer rewards to anyone who identifies potential security vulnerabilities.
  • New product features and internal processes undergo peer review and security assessment prior to release. We consistently enhance security practices based on industry shifts and customer input.

Data Protection

  • We streamline authentication by providing single sign-on (SSO) capability, which allows MFA.
  • We follow privacy regulations and are GDPR and CCPA compliant; you can find more information on our privacy policy page.
  • Our data is stored using AES-256 encryption. Our web communication uses TLS 1.2 at minimum.
  • We use a trusted payments processor, Stripe, and never store or process your payment data. 

Internal security measures

  • CoderPad has a full-time Chief Information Security Officer (CISO), who is CISSP-certified, and a Data Privacy Officer (DPO).
  • We use multi-factor authentication (MFA) for access to all critical tools.
  • All users:
    • have an Endpoint Detection and Response (EDR) security tool deployed on professional endpoints, monitored by a security operations center
    • have full disk encryption on their professional endpoints
    • attend a yearly mandatory cybersecurity and privacy awareness program
  • We have and abide by a full set of internal cybersecurity policies (based on the ISO 27000 framework), including a privacy and an acceptable usage policy.

SecurityScorecard rates and continuously monitors the corporate cybersecurity of websites and gives an A-F rating based on 10 risk factors.