Acceptable Use Policy
Accredd uses the highest caliber of data encryption and bank-level security to protect investor’s financial data uploaded to our application. Not even the issuer (or our API customer) can view or access the financial information for any given investor.
Our application is hosted by one of the largest technology cloud-computing companies in the world. So in order for hackers to hack Accredd, they would have to hack a Fortune 15 company that spends billions on both the security of their physical servers and the cyber security of their cloud products. Investors, our end users, and their financial documents are used for verification, and are immediately stored and encrypted afterwards to stay compliant with the Security and Exchange Commission. These financial documents are securely uploaded to our application and are encrypted in transit and at rest. When the documents are reviewed by any internal staff, they are viewed within a secured web browser so the documents stay in the cloud and are not downloaded to any local storage.
Accredd enforces two-factor authentication for all staff members and adds additional precautions, such as limiting application access via internet to private access points only, with staff members involved in verifications of documents. Additionally, all external users of our application are encouraged to log into our application with the use an identity provider such as Google, Apple, Amazon, or Microsoft.
Security and Protection of Financial Documents
Accredd uses 256-bit data encryption, and we encrypt files at rest and in transit. The financial documents reviewed by Accredd are not shared with any issuer, or API customer, and those documents are stored only for a period of time as deemed necessary by federal regulation, and for the use of helping the issuer stay compliant with the Security and Exchange Commission with regards to 506(c) private placement offerings. We retain your personal information related to accreditation verification for a period of 5 years in accordance with the United State’s Security and Exchange Commission’s 5-year guidelines, published in 2021. This initial 5-year period is referred to as our standard retention policy, and this helps your issuer and/or our customers stay compliant with regulations. After the retention period, your personal information is automatically set for deletion after 1 additional year, unless otherwise directed or requested by you and/or your issuer. Read more about personal information and how we use it at https://accredd.com/legal/privacy-policy.
Users of Accredd may request to have their financial documents and data deleted at any time by messaging the Accredd team within the application, or emailing email@example.com. Upon request, in writing, the user will be notified that their existing accreditation status with their issuer may be impacted as a result.
- Hosting environment via Microsoft Azure, a top-tier company and cloud infrastructure
- Numerous Azure data centers provide resiliency to external events, such as natural disasters, that might impact regional hosting
- All data centers have compliance standards for ISO 27001, NIST 800-53, PCI DSS, SOC 1 Type II, SOC 2 Type II
- All traffic transmitted securely over HTTPS using TLS cryptographic protocol
- Sensitive data encrypted to NSA standards and backed up daily
- Intensive software development cycle ensures quality software updates and releases
- Multi-factor authentication only allows authorized access
- Dedicated support team with monitoring 24/7/365
- Ongoing training for all staff on topics such as phishing, spam, and social engineering attacks
- Two-factor authentication required on all company-issued devices
- Password manager requirements for all users on all internet browsers
- Secured and private internet connection at all times