Trust Center

We innovate with trust, security, and privacy at our core

At Emplifi, we understand the value of data and the importance of protecting it. We operate in compliance with the policies outlined below and always aim to be fully transparent with our customers, partners, service providers, and web visitors.

Certifications

UK extension to EU-US Data Privacy Framework

Swiss-US Data Privacy Framework

EU-US Data Privacy Framework

SOC 2 Type II

27001

GDPR

PCI

SOC 1 Type II

CCPA

EcoVadis Bronze Sustainability Rating

Documents

Search and find answers across Emplifi’s documents.

Clear Filters

Frequently Asked Questions

Security

Do you have any certifications?

Yes, we have SOC2 and ISO27001.

How can I get a copy of the ISO27001 certificate?

You can download it here.

Do you conduct pen testing?

Emplifi conducts comprehensive, annual penetration testing of its SaaS offerings through CREST-certified, accredited external firms to ensure the highest security standards are maintained. Partnering with a CREST-certified testing provider guarantees that our security assessments are performed by experts adhering to globally recognized best practices, ensuring thorough, accurate, and industry-compliant testing.

The CREST certification provides an added layer of assurance to our clients, as it demonstrates that the testing processes meet rigorous technical, ethical, and procedural standards. Furthermore, the testing activities and any subsequent remediation efforts are validated through Emplifi’s SOC 2 Type II report, highlighting our commitment to continuous improvement, data integrity, and proactive risk mitigation.

Can I see the pen test results?

Emplifi prioritizes the confidentiality and integrity of its security infrastructure, and therefore, do not distribute raw penetration test results externally for the following reasons:

Confidentiality: The raw data from penetration tests contain sensitive information about the security infrastructure, which is proprietary and confidential to Emplifi.
Security Risks: Releasing detailed findings could potentially aid malicious actors in identifying and exploiting vulnerabilities before they are fully remediated.
Context and Misinterpretation: Without the specific context and understanding of the complex infrastructure, software architecture, and security environment, the raw data could be misinterpreted, leading to incorrect assessments of the platform’s security posture.

Emplifi’s Chief Information Security Officer (CISO) is available to discuss the comprehensive testing process, the types of tests conducted, general findings, and the steps taken for continuous improvement and remediation.

Can I have a copy of your SOC Type II certificate?

Yes, provided you have signed an NDA with us where we will then ask for a specific contact to email it to.

Privacy

What types of personal data do you collect?

We collect various types of personal data, including names, email addresses, payment information, and any other data necessary to provide our services. We limit data collection to what is necessary for our operations. You can find more information in our terms and conditions Annex 1: Specification of Customer Private Data.

How do you ensure data security?

We implement industry-leading security measures, including end to end encryption, role based access controls, and regular security audits.

Is my data shared with third parties?

We only share data with third parties when necessary to provide our services or when legally required. We ensure that all third parties comply with our privacy standards and data protection regulations. Our third parties are listed as sub processors in our terms and conditions Annex 1: Specification of Customer Private Data.

What is your data retention policy?

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected (usually contract duration plus up to 90 days) or as required by law. Once data is no longer needed, we securely delete.

How do you comply with GDPR?

We comply with GDPR by implementing data protection principles, ensuring data subject rights are respected, and appointing a Data Protection Officer (DPO) to oversee compliance efforts.

Can I access my personal data or the data as part of my Controller responsibilities?

Yes, you can submit a request through our customer support (support@emplifi.io), and we will respond in accordance with applicable data protection laws.

How do you handle data breaches?

In the event of a data breach, we have a data breach plan in place to contain the breach, assess the impact, and notify affected individuals and relevant authorities as required by law.

What rights do I have regarding my data?

This depends on jurisdiction but ordinarily you have the right to access, correct, delete, and restrict the processing of your personal data. You may also object to processing and request data portability.

How is my data protected during transmission?

All data transmitted between our users and our servers is protected using encryption protocols such as TLS (Transport Layer Security) to ensure confidentiality and integrity.

Do you conduct regular security audits?

Yes, we conduct regular security audits and assessments to identify vulnerabilities and ensure our security measures are effective. These audits are part of our SOC Type 2 compliance.

What measures are in place to protect data in the cloud?

We utilize cloud providers such as AWS that comply with strict security standards and regulations. We implement encryption, role based access controls, and regular monitoring by our VP Global Cloud and Technical Ops to protect data stored in the cloud.

How do you ensure employee compliance with privacy policies?

We provide regular training including annual mandatory training to our employees on privacy and data protection policies. Our legal team, CISO, and DPO ensure that all employees understand their responsibilities regarding data privacy.

Can I withdraw my consent for data processing?

Yes, you can withdraw your consent for data processing at any time. Upon withdrawal, we will cease processing your data unless there are other legal bases for continuing the processing.

How do you handle international data transfers?

We comply with applicable data transfer regulations, including using Standard Contractual Clauses (SCCs) to ensure adequate protection for personal data transferred outside the EU/UK to non data adequate countries.

What is your policy on children's data?

We do not knowingly collect personal data from children. If we learn that we have inadvertently collected such data, we will take steps to delete it.

How can I report a privacy concern?

You can report any privacy concerns or complaints to our DPO at support@emplifi.io. We take all reports seriously and will investigate any issues promptly.

Are your services compliant with HIPAA?

If your organization requires HIPAA compliance, we offer specific agreements and security measures to ensure compliance with healthcare data protection standards.

What happens if I delete my account?

When you delete your account, we will retain your personal data only as required by law. Otherwise, we will securely delete your data according to our data retention policy. Our privacy notices can be found here for the website, here for our products and our terms are here.

Can you provide a Data Processing Agreement (DPA)?

Yes, we provide a Data Processing Agreement (DPA) as part of our terms and conditions here.

How do you keep up with changing privacy regulations?

Our in-house legal team and very enthusiastic DPO (Data Protection Officer) continuously monitors changes in privacy regulations worldwide. We regularly update our policies and practices to ensure compliance with all applicable laws.

Do you conduct DPIAs (data protection impact assessments)?

Yes, for each product we offer the DPIA is a ‘living’ document updated by the Product lead and overseen by the DPO.

AI

What type of AI solutions do you offer?

We provide AI solutions that enhance user experience and automate routine tasks, such as predictive analytics, natural language processing, and data categorization, all classified as low-risk under the EU AI Act. For further details please contact your sales representative.

How do you ensure the ethical use of AI?

Our AI development process adheres to ethical guidelines, focusing on transparency, fairness, and accountability. We continuously monitor our AI systems to ensure they operate within these principles and conduct AI DPIAs with our Senior Director of AI research and DPO.

Is my data used to train your AI models?

We do not use customer data for training our AI models unless explicitly agreed upon. Any data used for training is anonymized and aggregated to protect individual privacy.

What measures are in place to prevent bias in AI?

We implement rigorous testing and validation processes to identify and mitigate biases in our AI algorithms. Our diverse development team also works to ensure various perspectives are considered during model training.

How do you comply with the AI Act?

We ensure compliance with the AI Act by categorizing our AI systems as low-risk, adhering to applicable regulations, and regularly reviewing our practices with our in-house legal team.

Can I customize your AI solutions for my organization?

Absolutely! We offer customizable AI solutions that can be tailored to meet your specific organizational needs, ensuring they align with your business objectives.

How do you handle data privacy with AI?

We treat data privacy with utmost importance. Our CISO and DPO oversee data protection practices to ensure compliance with privacy laws, including GDPR, and maintain customer trust.

What kind of transparency do you offer regarding AI decisions?

We provide clear documentation on how our AI algorithms work, including their intended use, decision-making processes, and the data they rely upon, ensuring transparency for our customers.

How do you ensure the reliability of your AI systems?

We conduct extensive testing and validation of our AI systems before deployment. Continuous monitoring and updates are also performed to ensure ongoing reliability and effectiveness.

Can I opt out of AI-based features?

Yes, you can opt out of specific AI-based features at any time. We provide flexible options to ensure our services align with your preferences.

How do you handle user feedback on AI performance?

We encourage user feedback on AI performance and use this input to improve our algorithms. Our customer support team is always available to address any concerns or suggestions.

What happens if there is a malfunction in the AI system?

In the event of a malfunction, we have protocols in place for rapid identification and resolution. Our support team will work promptly to restore normal functionality and inform affected users.

How do you protect against misuse of AI technology?

We implement strict access controls and monitor usage to prevent misuse. Additionally, our Senior Director of AI conducts regular audits to ensure compliance with our ethical guidelines and legal requirements.

Are your AI solutions compliant with industry standards?

Yes, our AI solutions comply with relevant industry standards and best practices, including those outlined by the AI Act, ensuring they meet regulatory requirements.

How do you stay updated on AI regulations?

Our in-house legal team and ardent DPO actively monitor changes in AI regulations and guidelines. We regularly update our practices to ensure compliance with evolving legal frameworks.

What support do you offer for implementing your AI solutions?

We provide comprehensive support, including onboarding assistance, training resources, and ongoing technical support to ensure a smooth implementation of our AI solutions.

Do you perform regular audits of your AI systems?

Yes, we conduct regular audits of our AI systems to assess compliance, identify potential risks, and implement improvements as needed. This is part of our commitment to maintaining high standards.

Can I access the algorithms used in your AI systems?

While we cannot provide direct access to proprietary algorithms, we offer detailed documentation that explains their functionality, intended use, and decision-making processes post NDA.

How do you ensure the sustainability of your AI solutions?

We prioritize sustainability by optimizing our AI algorithms for efficiency and minimizing resource consumption. We also stay informed about emerging sustainable practices in AI development.

Legal

What SLA and incident management do you offer?

Emplifi will provide the availability of the SaaS Services at 99.5% of time 24 hours a day, 7 days a week, 365 days a year. The percentage of the Services availability time is calculated on a monthly basis. Any customer support requests are to be sent to the e-mail address support@emplifi.io.

The standard support is maximum 3-hour first-response time including approach and scheduled timing is guaranteed by Provider’s Customer Support for requests sent in the standard business hours. Standard business hours are: Monday – Friday (24 hours a day). More information can be found in our SLA.

Do you offer a Data Protection Agreement (DPA)?

Yes, our DPA is part of our terms and conditions found in our terms and conditions.

Outpace your competition with easy-to-use, innovative solutions

We’re recognized as a market leader in innovation, customer support, and ease of use from these organizations.