Security and privacy

Faraday can't operate without your data, so securing it is our top priority. We have been in business since 2012 and have handled hundreds of brands' PII data.

Logical isolation

As stated in our Terms, your company data is only used to generate your company's predictions. Any data you provide to us is logically isolated to your account and does not benefit other accounts.

SOC 2 Type 2 audit

Faraday is SOC 2 Type II audited by Wipfli, LLC. Our most recent audit report covers November 2020-November 2021 and our auditors found no exceptions. It is available for download here.

HackerOne penetration testing program

Faraday has an active HackerOne penetration testing and bug bounty program.

NIST 800-53 risk management program

Faraday has a NIST 800-53 risk management program that is assessed every quarter by the Faraday risk committee, comprising senior executives and the CEO.

CCPA compliance

Faraday is compliant with the California Consumer Privacy Act. We will sign Data Protection agreements. We will respond to data access, do-not-sell, and data deletion requests.

HIPAA compliance

Faraday is compliant with the Health Insurance Portability and Accountability Act. We will sign Business Associate Agreements.

GDPR compliance

Faraday is compliant with the European General Data Protection Regulation. We will sign Data Protection agreements. We will respond to data access, do-not-sell, and data deletion requests. Our method of compliance is to immediately delete all European data as soon as it comes into our possession.

Encryption at rest and in transit

Your data is encrypted at rest and in transit. Unencrypted access is disabled.

Trusted cloud

Security information and event management (SIEM)

Faraday has a SIEM implemented with New Relic and PagerDuty.

Personally Identifiable Information (PII)

We require PII to match your data into our Faraday Identity Graph containing data about more than 270 million US adults. This can be any combination of:

  • plaintext name
  • plaintext physical address
  • plaintext phone
  • plaintext email
  • SHA-256 hashed lowercase email