Personal information is just that—personal. Here’s how we protect users
Consumer data is transforming business, providing more insight into those you serve than ever before. This added insight also means that companies are responsible for managing the data they collect and keeping their users safe. Hackers, malware, and even accidental data breaches all weigh heavy on security teams as potential risks to having more data than ever before.
We feel the weight of supporting sensitive data transport at Argyle. We champion a user’s right to exercise full ownership of their personal data. We empower individuals to put their employment data to work, and only share it with those they trust.
How is customer information protected?
When users grant Argyle permission to access their data, they are authorizing us to serve as their Designated Data Transfer Agent. That means, we don’t look at our users’ data, and we transfer it around only when an employee tells the system where to take it. Being the carrier of this sensitive information is a privilege that we don’t take lightly.
Customer data protection and privacy is our top priority. For the sake of our users and customers, we don't compromise or cut corners when it comes to data security. As part of that commitment, we operate with the utmost transparency. The following overview provides a high-level look at the ever-evolving security practices we have in place.
Holding ourselves to the highest cybersecurity and data privacy regulation standards
And we have the certificates to back it up. SOC 2 Type II is the most comprehensive certification within the Systems and Organization Controls (SOC) protocol. Our successful SOC 2 Type II examination attests to our rigorous compliance with these standards over a six-month look-back period. We also have an ISO 27001 certificate, demonstrating our commitment to identifying risks and putting in place rigorous, repeatable controls, assuring that our organization maintains a solid secure posture. Argyle has also achieved PCI DSS certification, showing our commitment to ensure the security of credit card data and cardholder data.
Argyle is audited annually by external independent auditors against the European Union’s General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). By complying with GDPR and CCPA we prove our commitment to protecting consumer privacy and implementing a consent based model to personal data processing.
Following encryption protocols
Powered by Google KMS, we keep all data encrypted at RSA 4096 (the same grade used by the US military) with SHA-256 signing. Data sent to or from our infrastructure is encrypted in transit via industry best-practices using Transport Layer Security (TLS). At rest, all data is subject to battle-proof encryption algorithms and stored using kubeseal secret management services.
Stringent network-level security monitoring and protection
Our network consists of multiple security zones, which we monitor and protect with trusted and next-generation firewalls, including IP address filtering, to insure against unauthorized access. We deploy an intrusion detection and/or prevention solution (IDS/IPS) that monitors and blocks potential malicious packets and distributed denial of service (DDoS) mitigation services powered by an industry-leading solution.
Required employee security training
Our security team comprises security experts dedicated to constantly improving the security of our organization. But your team is only as strong as it’s weakest link, which is why every Argyler is put through training to spot cybercriminals who might be on a phishing trip.
Why is it important to protect customers’ data?
When asked in our survey of part-time and gig workers, 35% said they would be willing to provide access to their real-time payroll data or bank account for a lower interest rate for a financial product. We believe this figure would be higher if users were very confident in the security of data providers and financial institutions.
It is important that people are able to use the information about themselves that they want to share to their benefit, without fear of security risks like identity theft. By earning and keeping the trust of users, they are empowered to put their data to work and unlock more options for their financial future.
Just like our data, security updates are continuous
Our work on security and consumer privacy efforts does not have an end; it's a continuous cycle of researching, revising, implementing, testing, fixing, scaling, blocking, and permissioning. We are constantly working to meet and exceed the data management expectations of regulators, and we collectively live the security processes regularly. Security and privacy are integral to our culture.