We ensure Patch meets industry standard compliance.
We use industry best practices to secure Patch’s services.
We train every employee on security and privacy policies.
We develop products with security, privacy & quality in mind.
SOC 2 Type II Certified
Patch’s SOC 2 Type II report includes the trust services categories of Security, Confidentiality, and Availability, and is audited annually.
Patch is HIPAA compliant.
Patch is GDPR Compliant.
Patch is CCPA Compliant.
DATA & INFRASTRUCTURE SECURITY
Secure infrastructure provider
We host all of our data in physically secure, U.S.-based leading cloud provider facilities that include 24/7 on-site security, camera surveillance, and more.
Strict access controls
Access to all Patch systems is managed through our identity provider, which automates user provisioning, enforces passwordless MFA, and logs all activity.
Server security & monitoring
All servers are configured using a documented set of security guidelines, and images are managed centrally. Changes to the company’s infrastructure are tracked, and security events are logged appropriately.
Formal security policies and incident response plan
Patch maintains a set of comprehensive security polices that are kept up to date to meet the changing security environment. These materials are made available to all employees during training and through the company’s knowledge base.
Continuous security training
Patch provides continuous education on emerging security threats, performs phishing awareness campaigns, and communicates with employees regularly.
Development and change management process
Code development is done through a documented SDLC process, and every change is tracked via GitHub. Automated controls ensure changes are peer-reviewed and pass a series of tests before being deployed to production.
Third-party vendor security review process
We ensure that all of our third-party apps and providers meet our security data protection standards before using them.
REST, GraphQL or gRPC. Access your company’s data with the same API types as the rest of your application, using the client of your choice.
Deployed immediately. No need to wait for infrastructure teams to stand up pipelines and databases before you can start coding.
Create a Dataset -->
Notifications, CRMs, billing, marketing automation, incident response, inventory management, and so much more.
Password-less MFA and tenant-isolated architecture ensures data is safe & secure.
Patch Connect makes it easy for end users to request access to the data warehouse and for DBAs to grant it.
Patch's credential storage, access management, and object graph API makes it easy to limit your compliance exposure.