Netomi cares about the security of our platform and about the security of your data. We understand how critical maintaining consumer trust is and how trust is rooted first and foremost in protecting personal data. We operate a highly secure platform while addressing all relevant legal, industry, and regulatory concerns – not just in the United States, but around the world.
Regulations and Standards
Netomi’s information security requirements change frequently in response to the evolving threats we face. We have dedicated resources to manage our Information Security System. We maintain a Security Advisory Board that actively monitors and takes appropriate actions based on external and internal threats/vulnerabilities.
Netomi’s cybersecurity framework is ISO 27001 certified to ensure we meet standard industry practice. Our framework includes SOC 2 Type II assessments, HIPAA assessments and PCI compliance to ensure we align with external requirements globally. We use various policies/procedures and tools to monitor, report and action based on the defined controls of our Statement Of Applicability (SoA).
We’re fully GDPR compliant, which means we protect personnel data and privacy of EU citizens for transactions that occur within EU member states. We are fully compliant with PDPA, the Singapore personal data protection act, as well as the UK Cyber Essentials requirements..
Risk Management Program
Netomi uses the NIST CyberSecurity Framework (CSF) and ISO 31000 to guide and manage our cybersecurity-related risks. These frameworks provide guidance to ensure a policy framework is in place to assist Netomi to assess and improve our ability to prevent, detect and respond to cyber attacks.
Business Continuity and Operational Management
Netomi has a Business Continuity Plan which manages the Business Continuity Program and coordinates global activities. Netomi relies on AWS’s platform to ensure continuous DR testings are performed. Netomi has a dedicated recovery planning team and ensures that essential services are identified to comply with our communications and IT systems are available to support employees and clients.
Audit Assurance and Compliance
Netomi is independently reviewed and assessed to ensure all nonconformities of established policies, standards, procedures and compliance obligations are addressed. Internal and external audits are completed against controls that align with SOC 2 TYPE II, ISO 27001, HIPAA and PCI Compliance.
Vulnerability Management
Netomi is certified by a reputed third party agency for successfully undergoing penetration and vulnerability tests. These penetration testings are conducted by an independent third-party agency on a regular basis. For penetration testing, Netomi provides the agency with an overview of application architecture and information about system endpoints and information about any security vulnerabilities successfully exploited through penetration testing which is used to set mitigation and remediation priorities.
Data Privacy and Protection
Netomi respects your privacy and recognizes the importance of your personal information. We are committed to protecting your information through our compliance with this Privacy Policy.
This Privacy Policy describes the types of personal information we may collect when you visit the Netomi website (our “Website”), use our chatbot services in a mobile application, sign up for a demonstration of our chatbot services, create a chatbot account with us, or otherwise communicate with us (collectively, our “Services”) and our practices for using, maintaining, protecting and disclosing that information.
For more information please visit: https://www.netomi.com/privacy-policy
Complaints or Questions
For any questions, please contact us at support@netomi.com and our data security team will follow up.
Data Privacy Concerns
To contact our data privacy team, please email dpo@netomi.com