SECURITY TRUST CENTER
At NextRoll, we take technical, administrative and organizational security measures to protect your data and provide you transparency into our process.
Customer Data Protection
Customer Data & Use
Data Use Across Customers
See our Privacy Policy
Pixel
See our Privacy Policy
Data Retention
See our Privacy Policy
Application Security
External Testing
We regularly crowdsource vetted researchers to look into our platform and report bugs or vulnerabilities. You can also contact us directly via email at security@nextroll.com or our support channel with information about a vulnerability.
Data Exchange
See our Privacy Policy
Regulatory Compliance
PCI-SAQ-A
NextRoll is PCI SAQ-A certified and our third-party payment processors are also PCI certified. NextRoll never possesses payment credentials.
Cyber Insurance
If required, we can provide amounts and certificates for customers and partners with an NDA.
Certification
Administrative Controls
Monitoring and Service Availability
Incident and Breach Response
In the event of a breach, NextRoll will send out a breach notification within the time prescribed by applicable law. We use scanning software to log and document the breach. We would also conduct post mortems and record steps taken to mitigate or remediate the breach. We would assist and cooperate with the customer to investigate and mitigate the breach, cooperate with supervisory or law enforcement authorities, and provide additional notifications as required by data subjects.
SSO & MFA
Currently, we do not have SSO for our product. MFA is supported for the web app through SMS or a software-based authentication app. Please see here for more information:
In-House IT
NextRoll IT currently uses a single sign-on (SSO) solution that enforces certain minimum requirements. Access to SaaS applications is also supported by OAuth 2 and TOTP. Local laptops enforce various minimum requirements for passwords through a laptop management solution.
Physical Security
NextRoll employs appropriate physical controls at our facilities. All visitors are required to be registered ahead of time and must check in at the front desk. All offices use security swipe cards for access, and CCTV systems are also in use.
DPA
See our Privacy Policy
Training
The Information Security Team at NextRoll strives to engage the broader company with several different levels of training, from high-level orientation to specific guidance on best practices. The goal is to empower all areas of the business with greater security knowledge.