Trust at Cinchy
Putting you in full control of your data
At Cinchy, our mission is to give you full control of how you regulate and manage your data. By enabling you to self-host the platform, we allow you to adhere to your own best practices and protect your data the way you want. Data can be stored securely on the platform in a protected manner using the latest encryption protocols and standards. We understand that our clients also have many compliance needs, and provide the tools to help you be GDPR and CCPA compliant - such as the ability to do full erasure of data.
ISO 27001 CERTIFIED
The Cinchy platform is ISO 27001:2013 certified, meeting the highest standards of control and security.
SOC 2 TYPE II COMPLIANT
Cinchy has achieved the gold standard of information security, with a SOC2 Type 2 audit, based on security and confidentiality. It tested not only the structure of Cinchy's compliance program, but also the execution of internal controls over a six-month period.
The security features of the Cinchy platform break down into the following categories:
All access through the platform must be authenticated. User management can take place through the platform or your existing identity provider / SSO (e.g., Active Directory) using OpenID Connect. User and group-based management can take place directly within Cinchy, and can also be synced from existing systems where you currently do group management. All user login attempts and sessions are tracked through the platform.
All metadata within the platform is managed as data inside of the fabric as well. This includes a changelog that exists on all structures and allows you to see all data changes, including changes to access grants and table schema.
Cinchy logs every request, including user logins, sessions, what data is accessed or downloaded, and what data is synced into the platform. These logs are queryable at any point in time to give your teams full flexibility in monitoring changes.
Cinchy can be deployed in either an on-premise or private cloud instance that is 100% controlled and managed by the customer. Cinchy has zero access to the software during the deployment to keep the management of security and privacy of the customer’s data 100% within the customer’s control. If the customer elects to have one of Cinchy's Master Builders (consultants) involved, then Cinchy will be happy to discuss security protocols required by the customer on a case-by-case basis.
Controls on the platform are defined at the data layer, which allows your teams to set granular conditions for managing access. This functionality allows your platform admin to provide users with the minimum access they need to perform their duties. Conditions can take into account a variety of factors, including account information about the current user, groups, and any other data on the fabric. The platform also offers you the ability to segregate duties on who can view or design table structures, manage entitlements, and modify data. You can control other permissions as well, such as the ability to query, import, and export data.
Here is an example of a dynamic expression that would only allow sales reps in a specific city to see leads in that city.
Imagine we built a CRM system within Cinchy with the objective of tracking leads through the funnel. Every lead in the `Leads` table has a contact which is stored in a separate table called the `People` table. Everyone in the `People` table has a set of information including their name, job title, and address information such as a postal code that links to a Province or State.
The objective is to set up access permissions on who can view and modify these leads.
We can then use this information within these tables to create an “access grant” so that the information of the Lead can only be viewed and modified by an employee within the same province who already has access to the relevant tables.
The access grants are updated as data changes. For example, if there was an underlying change due to someone moving to a different city, the access grant would be updated.
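The lead-visibility rule described above, modeled as an added example with Python's `sqlite3` module. This is not Cinchy's own expression syntax or API; the `PostalCodes`, `Employees` and `TableAccess` tables, all column names, and the sample rows are constructed assumptions.

```python
import sqlite3

# Assumed schema: only the Leads and People table names come from the page.
SCHEMA = """
CREATE TABLE PostalCodes (code TEXT PRIMARY KEY, province TEXT NOT NULL);
CREATE TABLE People (id INTEGER PRIMARY KEY, name TEXT, postal_code TEXT);
CREATE TABLE Leads (id INTEGER PRIMARY KEY, contact_id INTEGER, stage TEXT);
CREATE TABLE Employees (username TEXT PRIMARY KEY, postal_code TEXT);
CREATE TABLE TableAccess (username TEXT, table_name TEXT);
"""

# Grant condition: a lead row is visible only if the requesting employee holds
# table-level access to Leads AND is in the same province as the lead's contact.
GRANT_QUERY = """
SELECT l.id FROM Leads l
JOIN People p        ON p.id = l.contact_id
JOIN PostalCodes lpc ON lpc.code = p.postal_code
JOIN Employees e     ON e.username = :user
JOIN PostalCodes epc ON epc.code = e.postal_code
WHERE epc.province = lpc.province
  AND EXISTS (SELECT 1 FROM TableAccess t
              WHERE t.username = e.username AND t.table_name = 'Leads')
ORDER BY l.id
"""

def build_db():
    """Create an in-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO PostalCodes VALUES (?, ?)",
                     [("M5V", "ON"), ("K1A", "ON"), ("V6B", "BC")])
    conn.executemany("INSERT INTO People VALUES (?, ?, ?)",
                     [(1, "Ana", "M5V"), (2, "Ben", "V6B")])
    conn.executemany("INSERT INTO Leads VALUES (?, ?, ?)",
                     [(10, 1, "qualified"), (11, 2, "new")])
    conn.executemany("INSERT INTO Employees VALUES (?, ?)",
                     [("rep_on", "K1A"), ("rep_bc", "V6B"), ("intern_on", "M5V")])
    # intern_on is in Ontario but has no table-level access to Leads.
    conn.executemany("INSERT INTO TableAccess VALUES (?, ?)",
                     [("rep_on", "Leads"), ("rep_bc", "Leads")])
    return conn

def visible_leads(conn, user):
    """Return the lead ids the user may see, evaluated against current data."""
    return [row[0] for row in conn.execute(GRANT_QUERY, {"user": user})]

def move_contact(conn, person_id, new_postal_code):
    """Simulate a contact moving; no grant is edited, only the underlying data."""
    conn.execute("UPDATE People SET postal_code = ? WHERE id = ?",
                 (new_postal_code, person_id))
```

Because the condition is evaluated against the tables at query time, calling `move_contact` changes what `visible_leads` returns without anyone touching an entitlement record, and an unknown user or one lacking table access gets an empty result rather than an error.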
Have any questions about our security practices? Send us a note at email@example.com