Built Secure from the Start

Our customers rely on Addigy to manage and secure devices and the data inside them. To protect our customer’s environments, Addigy utilizes the best infrastructure, protected by top Security experts.

If you are interested in our GDPR Data Protection Agreement, please click here.

Compliance & Certifications

The Addigy MSA and DPA are supported by the people, processes, and technology necessary for the protection of customer personal data in compliance with legal and contractual obligations for regulations such as GDPR. The key activities implemented for privacy regulations are listed below.

  • Provided awareness sessions with customer-facing staff on their roles and responsibilities for compliance
  • Updated company-wide security awareness materials to include new customer personal data protection and privacy practices
  • Established and assigned data protection roles and responsibilities
  • Established privacy@addigy.com for data subjects to submit requests
  • Established and maintained registers of customer personal data collection and processing activities
  • Completed privacy risk assessment to support customer data protection impact assessments
  • Implemented SOC 2 controls to support processing activities for protection of customer personal data
  • Established Data Processing Agreement
  • Updated and reviewed the Addigy Privacy Policy, and procedures for compliance with privacy laws, regulations and principles
  • Provided MSA and DPA upon request from privacy@addigy.com to support customer compliance
  • Established a privacy-by-design methodology
  • Established Addigy Status Page and Addigy Releases Page for the full visibility and communications
  • Implemented new features to support data subject requests from customers exercising their rights to erasure and data portability
  1. What personal data is processed by Addigy? Addigy processes the following types of personal data:
  • Addigy Agent Data (Device Information such as MAC Address, Device Name, IP address).
  • User information (IP address, user activity, helpdesk tickets, satisfaction data)
  • More information is available here.
  1. What categories of individuals (e.g. data subjects) does the personal data come from?
  • Addigy processes limited personal data from Customer Addigy Devices and Environments to provide basic functionality of the product.
  1. Where does Addigy store customer personal data?
  • All customer personal data is stored by Addigy on Amazon Web Services (AWS) and Google Cloud Platform (GCP) using data centers located in the United States of America. Addigy maintains Privacy Shield certifications to provide an adequate level of protection for data transfers from the EU.
  • If you have any questions, please contact your Account Executive, Customer Success Manager, or email privacy@addigy.com.
  1. How do I obtain a Data Processing Addendum?
  1. Do you have additional GDPR information?
  • Yes, find more information here.

Security

The Addigy’s security model is an end-to-end process, spanning application, authentication, and storage, the services that power our software.

Authentication

  • Users passwords are encrypted with the strongest encryption methods available.
  • Addigy supports and includes as part of the Addigy Service multiple Multi-factor Authentication methods, SAML 2.0 Support, and OAuth 2.0 Support for enhanced user security.

Role-based Privileges

  • Role-Based Privileges enable admins to limit the permissions of some users within a team, including Help Desk, HR, or Security.
  • Privileges are built on a multi-tiered and multi-tenant system and include functionality to limit users to create, read, edit, or delete actions across the application.

Audit Logs

  • Addigy logs the relevant activity into a system that is immutable, time synced, and accessible by account admins. Event logs are fully exportable via API or can easily be searched through via the application.
  • The event logs contain: Addigy user activities, the application affected by event, status of event (success/failed), event type, timestamp, and a brief description.

Secure Internet Connectivity (HTTPS)

  • All of the Addigy application’s externally-facing services use HTTPS to ensure encryption in transit of all customer information.
  • The Addigy application uses Transport Layer Security (TLS) version 1.2 or higher to protect HTTPS communications.

Hosting Security

Addigy is built and hosted on Amazon Web Services (AWS) and Google Cloud Platform (GCP) platform along with Stripe. For more information regarding AWS and GCP Security, please view Amazon and Google’s own Security and Privacy Documentation:

https://aws.amazon.com/compliance/

https://aws.amazon.com/security/

https://cloud.google.com/security/compliance

https://cloud.google.com/security/

https://stripe.com/docs/security

Corporate Security

  • A dedicated security team, including a senior officer in the company, is chartered with ensuring the security, confidentiality, and integrity of company and customer data. Our security team performs engineering tests and educational campaigns to mitigate attacks and develop a security mindset as part of the culture of the company.
  • We actively reduce the attack surface by limiting the number of personnel with access to production, auto locking employees computers after a short period of inactivity, and utilizing commercial tools to provide a multi-layered defense.

Vulnerability Disclosure

  • Addigy has a vulnerability disclosure program available via https://addigy.com/vdp
  • If you think you’ve found a security vulnerability that affects Addigy, please use the submission form available on https://addigy.com/vdp

Securing your Addigy-managed Devices

We take the security of your Apple devices very seriously, and there are several tools available in Addigy to help you do just that. Here are just a few, and of course all of these can be configured at the policy level to help make sure you haven’t left any devices out.

Firewall Management

Enable a firewall on any machine in your portfolio, or add it to a policy to enable on a large group of machines with a few mouse clicks.

Website Blocking

Protect your network and your end-users’ data from phishing and other malware sites.

FileVault Management

Enable and manage a remote Mac's FileVault with Addigy’s FileVault-Manager tool. Even pushing FileVault keys up from the device to the Addigy account.

GateKeeper Management

Ensure that all of your Macs can only install apps from the Mac App Store or from certified developers.

Password Policy Management

Enforce light or strict password policies easily, including password complexity, length, expiration, and lockout techniques.

Catalog Security Software

Our one-click-install catalog includes industry-leading security apps, like WebRoot, AntiMalware, and MBBR by MalwareBytes. Add them to all your policies to maintain a solid baseline of security.

ScreenSaver Password Settings

Manage settings to require password immediately after screensaver is initiated.

Support available

Our team is available to immediately respond to any malicious attacks on our platform to protect our customers’ data.