Compliance

On top of Shuffle's commitment to securing how we use and protect your personal data (see points below, which aslo be found here), Shuffle is SOC2 and ISO 27001 complaint.

• Encryption: Shuffle utilizes Google Cloud Platform's Datastore and Google Cloud Storage. We encrypt all your data by default, and have extra mechanisms for API-keys and secrets inserted. All our code for encryption can be accessed here.
• Session Management: Utilizing Google Cloud Platform and internal audit logs, we track all sessions and changes in Google Cloud's Cloud Logging.
• Two-factor authentication and Single Sign-on: Shuffle has added SSO and Two-factor authentication to any user for free, protecting from fraudulent access of your Shuffle account. Read more here on SSO and MFA.
• Organization data access: We do not permit our team direct access your organization or data within the Shuffle platform without your explicit consent. During support investigations, we may utilize internal tools to simulate your user, but will never directly get information about you or your organization from our data storage solutions. To learn more about organizations, click here.
• Data processing usage: We store your data for 3 years by default, to be used in an anonymous and sanitized way, to create algorithms for better workflow autocompletion.
• Sharing of data with 3rd parties: Shuffle does not share data with any 3rd parties, except our support partner Infopercept. We do however have third party services where your data may be stored - all listed in the segmented details below.

SOC2

Find the SOC2 compliance requirements and fullfilment here.

ISO 27001

Find the ISO 27001 compliance requirements and fullfilment here.