Your trust means everything to us, which is why we place such a high importance on security. We've crafted our products, processes, and systems with your safety and the protection of your data in mind.
We keep data secure in transit and at rest. In transit, data is only accessible via TLS/SSL, and at rest, data is encrypted with AES256.
Our people and systems can only access the data they need to do their job and we store your data with cloud providers who have top-tier physical security controls.
We use a global CDN to prevent network attacks and keep Diminish highly available.
Our threat detection, logging, and alerting systems notify our on-call teams about potential incidents.
We peer review and test our code prior to release, including manual and automated checks for security issues.
We only release software after qualifying it in development and staging environments.
Users can be assigned different roles to administrator or manage SaaS spending and view reports.
Diminish is committed to helping our users understand the rights and obligations under the General Data Protection Regulation (GDPR)
We have introduced tools and processes to ensure we comply with GDPR requirements.
Diminish employs specialist external services and tools to conduct multiple different types of security assessments.
We also run weekly vulnerability scans against our production environments, and engage external penetration testers to conduct multiple penetration tests throughout the year.