Trust Center

Start your security review
View & download sensitive information

Trust at Cresta

Trust Alliance Logo

Welcome to Cresta's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation. Our enterprise-grade security and data privacy program is designed to keep your customer data safe and secure. We rely on industry best practices, security product features, and comprehensive audits of our applications, systems, and networks to ensure that your data is always protected. Here is an introduction to Cresta’s security and data privacy practices. Have questions? If you have additional questions about our security program please reach out to your enterprise sales representative or email security@cresta.ai

Compliance

CCPA Logo
CCPA
CPRA Logo
CPRA
GDPR Logo
GDPR
HIPAA Logo
HIPAA
ISO 27001 Logo
ISO 27001
ISO 27701 Logo
ISO 27701
PCI DSS Logo
PCI DSS
SOC 2 Logo
SOC 2
TISAX Logo
TISAX
Start your security review
View & download sensitive information

Cresta is reviewed and trusted by

IntuitIntuit
PorschePorsche
CarMaxCarMax
Hilton Grand VacationsHilton Grand Vacations
Holiday Inn Club VacationsHoliday Inn Club Vacations
Brinks HomeTMBrinks HomeTM

Documents

PCI DSS
SOC 2
HIPAA Report
Network Diagram
Pentest Reports
Security Whitepaper
HIPAA
ISO 27001
ISO 27701
CAIQ
SIG Lite
VSA Core
Cyber Insurance
Information Security Program Policy

Risk Profile

Data Access LevelInternal
Impact LevelSubstantial
Recovery Time Objective4 hours
View more

Product Security

Data Security
Integrations
Multi-Factor Authentication
View more

Reports

HIPAA Report
Network Diagram
Pentest Reports
View more

Self-Assessments

CAIQ
SIG Lite
VSA Core

Data Security

Backups Enabled
Encryption-at-rest
Encryption-in-transit
View more

App Security

Responsible Disclosure
Secure Development Training
Software Development Lifecycle
View more

Legal

SubprocessorsGoogle CloudDatadog,DeepgramOpenAIFullStory
Cyber Insurance
Master Services Agreement
View more

Data Privacy

Data Privacy Officer
Employee Privacy Training

Access Control

Logical Access Control

Infrastructure

Status Monitoring
Amazon Web Services
BC/DR
View more

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management
View more

Network Security

IDS/IPS
Network Vulnerability Scanning

Corporate Security

Asset Management Practices
Employee Training
HR Security
View more

Policies

Information Security Program Policy

Security Grades

Qualys SSL Labs
cresta.com
A+

Trust Center Updates

Vulnerability Notification

VulnerabilitiesCopy link

Cresta is aware of CVE-2023-44487 also known as "HTTP/2 Rapid Reset attack", related to HTTP/2 capable web servers where rapid stream generation and cancellation can result in additional load which could lead to a Denial of Service. Mitigations were implemented to address the vulnerability.

Published at N/A

If you think you may have discovered a vulnerability, please send us a note.

Report Issue
Powered bySafeBase Logo