Security Policy


Whippy is committed to complying with all applicable country laws and regulations in which we operate. Our security policies and practices align with the ISO risk framework, and all customer data is hosted in data centers that are SOC2, ISO 27001 and HITRUST compliant. These data centers also support the storage of PHI in compliance with HIPAA.


Whippy follows industry standards and best practices for protecting your data. This includes encryption of data in transit and at rest, security monitoring and logging, enterprise-class endpoint detection and response solutions, continuous integration and deployment, application security testing and scans, incident response, security awareness training, and secure development lifecycle, just to name a few.


As privacy legislation and regulations continue to evolve, Whippy remains dedicated to protecting the privacy of your data by staying up-to-date on the latest privacy requirements of all regions in which our customers operate. More information is available in Whippy's Privacy Policy.