Trust + Security

Self is a software partner for a registered U.S. financial institution – and as such, we have to abide by strict protocols that govern your safety and security over your data.

Self encrypts your data at multiple levels: disk encryption layer, database encryption layer, field-level encryption layer, API encrypted layer, and HTTPS/SSL 256 bit encrypted layer to your web browser. Self is a Statement on Standards for Attestation Engagements (SSAE) 16 SOC 1 compliant organization. Our most recent SOC 1 audit was completed on December 30, 2016.

Additionally, we hire experts to regularly perform vulnerability scans and penetration tests on our systems; we have a disaster recovery and business continuity plan with a cyber liability insurance policy, and lastly, our employees undergo criminal financial background checks before joining Self.

Self takes the following measures to protect your data:

1. Self employees undergo regular criminal financial background checks.
2. Employee workstations are encrypted — and do not have production data on their workstations.
3. Software is deployed in a three part process with each cycle of the process (development, staging and producation) being rigorously tested with unit testing, regression testing and UX testing.
4. Servers are encrypted and require multifactor authentication
5. Databases are encrypted both at a disk level and an individual field level.
6. Vulnerability scans and penetration tests are regularly conducted and without notice to our staff.
7. All communications are encrypted and transmitted over SSL via your web browser.
8. We maintain all applicable PCI DSS requirements.