Last Modified: July 13, 2018

We want you to have confidence and peace of mind every time you use Sigma. We take security seriously and protecting users and organizations is always our first priority. We want you to have a clear idea of the steps that we take, the tools that we use, and how you can help. First of all, our user, organization, and business data is safeguarded by industry-best, market-leading security solutions in a layered security approach.

Comprehensive Encryption

All application communication is protected by enterprise-grade encryption. We utilize the latest recommended secure cipher suites to encrypt all traffic in transit. This includes TLS 1.2 protocols, AES-256 encryption, and SHA-2 signatures. Sigma engineers monitor the changing cryptographic landscape and upgrade our cipher suite choices as best practices evolve. At rest, all types of data are encrypted using FIPS 140-2 compliant encryption standards.

Secure Data Centers

Our production systems and data reside in top-tier third-party data centers that maintain state-of-the-art physical protection and monitoring. Our data centers hold multiple industry-recognized certifications, including FedRAMP, ISO, SOC, and PCI. Sigma’s hosting provider is also compliant with various regulations, privacy standards, and frameworks, including HIPAA, HITECH, GLBA, the EU Data Protection Directive, EU-US Privacy Shield, and FISMA.

Constant Scanning

A proactive approach to security means that our engineers stay ahead of emerging threats. That’s why we actively scan our network, our endpoints, and our source code for new security updates and modifications needed to prevent attacks.

Culture of Continuous Improvement

Staying secure is a continuous and comprehensive process. Maintaining a culture that values security and continuous improvement enables us to prevent vulnerabilities. To those ends, we train our team members throughout the year on staying vigilant against the latest attack trends, test our staff’s awareness through realistic attack simulations, and block any attacks as they happen.

Join the Effort

We are always looking to improve, and you are welcome to help us do so. If you notice anything suspicious, such as a vulnerability or what may be an attack in progress (e.g., phishing, account compromise), please contact our security team at security@sig.ma.

If you would like to ensure end-to-end privacy, please encrypt your emails using our GPG key.