Updates

Trust Center

Start your security review
View & download sensitive information
Search items
ControlK

Welcome to Cresta's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation. Our enterprise-grade security and data privacy program is designed to keep your customer data safe and secure. We rely on industry best practices, security product features, and comprehensive audits of our applications, systems, and networks to ensure that your data is always protected. Here is an introduction to Cresta’s security and data privacy practices. Have questions? If you have additional questions about our security program please reach out to your enterprise sales representative or email security@cresta.ai

Start your security review
View & download sensitive information
Intuit-company-logoIntuit
Porsche-company-logoPorsche
CarMax-company-logoCarMax
Hilton Grand Vacations-company-logoHilton Grand Vacations
Holiday Inn Club Vacations-company-logoHoliday Inn Club Vacations
Brinks HomeTM-company-logoBrinks HomeTM

Documents

PCI DSS

Trust Center Updates

Updates

GeneralCopy link

Cresta is aware of the ongoing CrowdStrike incident, but is not affected by it. We are closely monitoring the situation and are staying in contact with CrowdStrike.

Published at N/A

Third-party audits

ComplianceCopy link

Cresta updated its Trust Center with new audit reports for SOC2 Type II, ISO27001/27701 and HIPAA.

Published at N/A

Vulnerability Notification

VulnerabilitiesCopy link

Cresta is aware of CVE-2024-3094, related to malicious code being embedded in XZ Utils versions 5.6.0 and 5.6.1. Cresta does not use the affected versions.

Published at N/A

Cresta is aware of CVE-2023-44487 also known as "HTTP/2 Rapid Reset attack", related to HTTP/2 capable web servers where rapid stream generation and cancellation can result in additional load which could lead to a Denial of Service. Mitigations were implemented to address the vulnerability.

Published at N/A

Subprocessor Notification

SubprocessorsCopy link

Cresta added MosaicML as a sub-processor for LLM model inference.

Published at N/A

Cresta added Atlassian as a sub-processor for project management / ticketing.

Published at N/A

Cresta added Fireworks.ai as a sub-processor for LLM model inference.

Published at N/A

Effective February 14, 2024, Cresta has discontinued using Optimizely.

Published at N/A

If you think you may have discovered a vulnerability, please send us a note.

Powered bySafeBase Logo