SECURITY

Your Security Matters to Us

Security and Compliance to Protect Your Data

SOC 2 Type 1
GDPR Logo
GDPR Compliant
Enterprise Grade Security
Data Encryption

Security

Certified Infrastructure

Google Cloud is known for providing best in class security models and a scalable infrastructure that helps organizations stay secure and compliant.

10KC’s infrastructure, including all customer data, is hosted securely in Google Cloud.

Google Cloud adherence

Google Cloud adheres to ISO/IEC 27001/27017/27018/27701, SOC 1/2/3, PCI DSS, VPAT (WCAG, U.S. Section 508, EN 301 549) and FedRAMP certifications, and alignment with HIPAA, GDPR, and CCPA,

More information about Google’s compliance offering is available here.

Data Loss Prevention Measures

10KC has deployed the best in class DLP solutions to safeguard the classified data as per the information classification policy. Every 10KC employee goes through mandatory background checks. Access to client data is controlled utilizing VPN firewall and 2FA limited to a few security administrators and operations members supporting client accounts.

Encryption

Network traffic is encrypted via Transport Layer Security (TLS) to protect sensitive information during transmission against unauthorized access or modification. Data at rest is encrypted using AES256 encryption, while data in Transit is encrypted using TLS1.2 encryption.

Privacy

10KC has defined policies and procedures related to the management of Personal Information (PI). PI is collected in accordance to our Privacy Policy.

Read more about our policy

Compliance

SOC 2 Type I

The 10KC platform is SOC 2 Type I compliant and participates in annual independent audits to maintain compliance. The SOC 2 Type I auditing process ensures our policies, practices, and controls securely manage client data and protect the privacy of our users.

GDPR Compliant

We comply with GDPR requirements by letting each participant manage their opt-in preferences.

Reliability

Performance

Our service is hosted on Google Cloud’s renowned infrastructure which allows us to scale in minutes - scale-up by increasing the capability of each server and scale-out by adding more servers to our system - to meet your enterprise needs. We continuously monitor load for both scale-out and scale up scenarios. We also conduct scale-up and scale-out for our databases.

Backup and Disaster Recovery

Data at rest is encrypted automatically in the 10KC infrastructure. All cluster storage and snapshot volumes, including backups are encrypted. Data backups are taken continuously.

Accessibility

We hold ourselves to high standards.

At 10KC we’re obsessed with providing our users a best-in-class experience. Our design and development team prioritize accessibility at every stage of our product development process, this is why we use WCAG version 2.1 level AA, and a combination of automated and manual testing.

We also use automation to ensure that our design and development teams can create products that deliver the best experience for all users. Our automation includes validation that follows industry best practices, while leaving more complex checks that can’t be automated for manual validation.

We strive to support everyone.

Unlocking opportunity means equal access to technology, regardless of ability. Our platform supports:

  • Screen reader support for the visually impaired.
  • Appropriate focus indicators, labeling important visuals, and keyboard support for navigation.
  • Proper use of colours and contrast for people with lower colour perception.
  • Clear organization of content and use of easy to understand language for those comprehension is lower because of ability.

Data Subject Rights

Right to rectification

We support individuals' right to rectification - either directly through their account settings, or by contacting security@tenthousandcoffees.com.

Right to access and portability

10KC supports individuals' right to access and right to portability of both their personal data, and the data of their members. Requests for export can be made by contacting security@tenthousandcoffees.com.

Right to be forgotten

10KC supports individuals' right to be forgotten. We will ensure that all data is deleted upon our systems, and any third parties we engage with. Deletion can be requested by contacting security@tenthousandcoffees.com.

Internal audit

We have an internal audit, risk management and compliance team member with responsibility for identifying and tracking resolution of outstanding regulatory issues.

Right to object

We support individuals’ right to object. Participants can opt-in and out of being contacted on their community.

Employee compliance training

We have an internal compliance and ethics reporting mechanism and conduct regular training program for employees to report compliance issues.

See the 10KC Platform in Action

Learn how 10KC’s talent experience platform supports inclusive mentoring, employee connectivity and skills development.