Effective: Feb 24, 2025
Updated: Fed 24, 2025
How Cerco AI uses the best security practices to protect our users.
At Cerco AI, users trust is one of our top priorities.
That’s why we maintain the highest standards of data security and privacy. We understand that it is important for you to keep your data and your employee data secure. It is our promise. Cerco AI implements the security testing and reviews, designed to be GDPR compliant, and encrypts your data.
Cerco AI is hosted and delivered by Amazon Web Services (AWS) through Bubble.io platform. Amazon is responsible for the security of its actual data centers and the AWS cloud. Cerco AI is responsible for monitoring, managing, and securing the Cerco AI cloud.
AWS manages the data centers that host the Cerco AI cloud. For more information about security at those data centers, see here.
Cerco AI Cloud data is hosted in the USA region.
Amazon Web Services manages the security of the cloud. AWS has been certified by third-party organizations and manages many compliance programs 24/7 to comply with laws and regulations. A list of such certifications and compliance statements can be found here.
AWS has SOC 1, SOC 2, and a public SOC 3 report on Security, Availability & Confidentiality (pdf).
Cerco AI is GDPR compliant. Organizations in the European Union (EU) or who employ EU-based individuals can be sure that Cerco AI protects their personal information securely in compliance with the EU laws.
Within Cerco AI, only a few trusted members of our team have access to the production environment to maintain our cloud services and assist our customers. Additionally, we monitor all access to the Cerco AI cloud. Cerco AI implements a variety of data security and vulnerability checks to ensure secure software development.
Customers are responsible for maintaining the security of their own login information.
In the Cerco AI cloud, data at rest is encrypted following the best industry standards - 256-bit encryption via native AWS capabilities. Additionally, all data-in-transit and communications with the Cerco AI cloud are protected with HTTPS using TLS 1.2 and within the cloud with VPN network connections.
Your data is retained indefinitely while you are our customer. In case you leave our service, all data will be removed upon the customer request or within one year of inactivity. If you want to remove your data, please contact us at support@cerco.ai.
Breaches will be communicated within 48 hours, and any vulnerabilities are fixed as soon as possible.
Customer data is backed up once a day, once per week and once per month and is encrypted following industry standards.
Cerco AI cloud services are tested regularly by our security team. If findings occur, they will be solved immediately.
Cerco AI’s cloud team has a disaster recovery process in place, and it is tested on a regular basis.
Cerco AI understands the importance of ensuring the privacy of your personally identifiable information and being legally compliant with privacy laws and regulations. For more information, please see our Privacy Policy.
If you believe you have found a potential security vulnerability on Cerco AI, please let us know right away by emailing security@cerco.ai. We will investigate all reports and do our best to fix valid issues quickly.
Provide us with a reasonable amount of time to resolve the issue before disclosing it to the public or a third party. We aim to resolve critical issues within one week of the disclosure.
Make a reasonable faith effort to avoid violating privacy, destroying data, or interrupting or degrading the Cerco AI service. Please only interact with domains you own or for which you have explicit permission from the account holder.
While researching, we’d like you to refrain from:
Thank you for helping to keep Cerco AI and our users safe!
We may revise these guidelines from time to time. The most current version of
the guidelines will be available at https://www.cerco.ai/legal/security
Contact our security team at security@cerco.ai