Compliance & Data Privacy
DataDome is proud to be SOC 2 Type 2 compliant. An independent auditor, Coalfire, has evaluated our product, infrastructure, and policies, and certifies that DataDome complies with their stringent requirements for Security, Confidentiality, and Availability trust service principles. A copy of DataDome SOC 2 Type 2 report can be requested through your account manager.
EU & UK GDPR
DataDome Safeguards End-User Privacy
Information contained in either the HTTP POST requests or response body IS NOT collected (e.g. name, email address, credentials, phone number, payment information, information provided when filling forms, details of transactions, etc.).
A complete list of details is publicly available here: docs.datadome.co/reference. The specified data is solely used for detection and security purposes and not shared with any third party.
Where is the data stored?
Data collected is stored using high-performing security standards, including Tier3 data centers, HTTPS connection, OAuth2 authentication delegation, and encryption (TLS/Ipsec VPN). The default retention period (30 days) can be decreased by DataDome customers through their dashboard or with help from the DataDome Success Team. All customer data is deleted within 15 days after the end of a contract.