Security Policy

This page outlines the security measures, principles and practices in CommPeak in regards to data security. Now you can make sure you made the right choice!

Overview of CommPeak Security

Your calls and private data are safe with CommPeak. There are a number of steps we take to ensure and respect your privacy.

However, the measures we take to provide our clients and the visitors of our website a safe experience are not tied to just legal requirements (such as the General Data Protection Regulation, etc.) We believe we have a moral and ethical obligation to safeguard privacy.

Security Levels

Physical Security

Our services are hosted in AWS, GCP, Hetzner, LeaseWeb and more. All our hosting partners are ISO 27001:2013 compliant.

For instance, data center parks are protected from fire and natural disasters. Only authorized personnel can access via electronic access control terminals with a transponder key or admission card. Data parks are under 24/7 surveillance and are equipped with diesel power generators for autonomous mode.

Network Security

CommPeak’s network security team protects your data against the most sophisticated electronic attacks. We use the best and proven practices of network security.

CommPeak offers the following preventive measures:

  • Network firewalls;
  • DDoS preventions;
  • Network posture assessment.

Application Security Layer

  • Firewalls are in place exposing only the necessary ports through the internet and between different servers.
  • We validate all requests to ensure the security on the application level.
  • CommPeak transmits data from the visitor's browser to our system using HTTPS.

The data in transfer is encrypted by SSL protocol and ciphers.

Certification & Compliance

EU GDPR

CommPeak is in the process of complying with ISO 27701:2019, which complies with the EU GDPR. It is expected to be complete in May 2021.

PCI DSS

CommPeak uses WorldPay and PayPal to accept payments. Both providers are certified PCI Level 1 Service Providers, the most stringent level of certification available in the payments industry. CommPeak does not store or process any of your payment data.

ISO/IEC 27001:2013

CommPeak is currently pending for ISO 27001:2013 certificate. It is expected to be complete in February 2021. Our various partners’ datacenters are compliant with ISO/IEC 27001:2013.

How to report a security vulnerability?

If you believe you’ve found a security vulnerability in our platform, please contact us at [email protected]. Also, include the following to help investigate the case:

  • Description of the location and potential impact of the vulnerability
  • A detailed description of the steps required to reproduce the vulnerability (POC scripts, screenshots, and screen captures are all helpful to us).

Need more details or have any questions?

If you have any questions or suggestions, please send them to [email protected].