SECURITY TRUST CENTER
At NextRoll, we take technical, administrative and organizational security measures to protect your data and provide you with transparency into our process.
Customer Data Protection
Customer Data & Use
Data Use Across Customers
We regularly crowdsource vetted researchers to look into our platform and report bugs or vulnerabilities. You can also contact us directly via email at firstname.lastname@example.org or our support channel with information about a vulnerability.
NextRoll is PCI SAQ-A certified and our third-party payment processors are also PCI certified. NextRoll never possesses payment credentials.
If required, we can provide amounts and certificates to customers and partners with an NDA.
Monitoring and Service Availability
Incident and Breach Response
In the event of a breach, NextRoll will send out a breach notification within the time prescribed by applicable law. We use scanning software to log and document the breach. We would also conduct post mortems and record steps taken to mitigate or remediate the breach. We would assist and cooperate with the customer to investigate and mitigate the breach, cooperate with supervisory or law enforcement authorities, and provide additional notifications as required by data subjects.
SSO & MFA
Currently, we do not have SSO for our product. However, this is in progress and will be implemented in the near future. MFA is supported for the web app through SMS or a software-based authenticator.
NextRoll IT currently uses a Single Sign-On (SSO) solution that enforces certain minimum requirements. Access to SaaS applications is also supported by OAuth 2 and TOTP. Local laptops enforce various minimum requirements for passwords through a laptop management solution.
NextRoll employs appropriate physical controls at our facilities. All visitors are required to be registered ahead of time and must check in at the front desk. All offices use security swipe cards for access, and CCTV systems are also in use.
The Information Security Team at NextRoll strives to engage the broader company with several different levels of training, from high-level orientation to specific guidance on best practices. The goal is to empower all areas of the business with greater security knowledge.