Our Commitment to Security

Last reviewed: Thursday 28th December 2023

As a provider of digital credentials and a platform largely used by developers, Holopin understands the importance of safeguarding sensitive information and keeping up with the latest security standards. To that end, we have implemented a number of measures to ensure the security of our systems and data, and are committed to regularly improving our security practices.

For our employees and contractors, we require the use of a password manager and two-factor authentication (2FA) to access any of our internal systems, documents, productivity applications, software development tools and environments. For most of our systems, we use single sign-on (SSO) to authenticate users. We aim to ensure that access to these systems is restricted to only those people who need it for their job duties, and we regularly review and update access controls. Employees are required that the disks on their work computers are encrypted, and the machines themselves are password protected.

We have an on-call rotation which makes sure that there is always at least one person available to respond to security incidents and assess bug reports, and alert the rest of the team if necessary. Everyone who works at Holopin receives training on security best practices during onboarding and on a regular basis thereafter.

In the interest of our customers and users, and because it's 2022, our services use SSL certificates and HTTPS encryption to protect data in transit. The customer API is protected by an API key that can be generated and revoked by the customer at any time. Our monitoring and logging systems are configured to alert us to any suspicious activity and to record all user interactions with our platform. In addition, our bug bounty program helps us identify and fix security vulnerabilities before they can be exploited.

In accordance with our privacy policy, Holopin does not use third party cookies and we do our best to comply with the GDPR, collecting minimal user data and no personally identifiable information (PII) from our visitors and users. Any third-party analytics are anonymized, and user passwords are stored encrypted.

In the event of a security breach, we are committed to informing affected customers and users within 24 hours and working quickly to fix the issue. We also take steps to protect against phishing attempts that may impersonate our platform, and will notify users if we become aware of any such attempts. All of our databases are backed up regularly, with a minimum of one full backup per 24 hours.

If you'd like to learn more about our privacy and terms, see the links below.