TopicAnswer
Security Protocols- Role based permissioning, all data stored in AWS (Ireland)
- All Candu passwords are hashed & salted, staff cannot retrieve
Data EncryptionWe use industry-standard end-to-end encryption methods. All customer data is encrypted in transit and is only accessible via TLS/SSL and at rest with AES256.
End-user Protection- Every aspect of Candu is encrypted; we recommend enabling identify verification.
- Data is stored on AWS, stored data is encrypted using AES
CertificationsSOC2 Type I; Annual PenTest, SOC2 Type 2
DependabilityCandu uses a CDN to publish content, all components in the SDK are wrapped in error boundaries
GDPR ComplianceWith data protection and privacy built into everything we do, Candu is fully GDPR-compliant. We meet stringent international security standards, and we undertake comprehensive audits of our policies, networks, and systems to keep your information secure. The below are up to date and reflect our GDPR readiness.

- Terms of Use
- Privacy Policy
- DPA
Page SpeedsThe complete Candu package is around 113kb (unzipped) and loads sequentially after your page. The existing won’t be impacted, and the Candu content will load in near real-time with your page. Once viewed, the content is then cached as well.
SLAsMaintain 99.9% in our API & frontend assets
- Monitored via 3rd party integration, performed each minute
- Performed on 7 different locations across the world
Staged SDK ReleasesCandu only release updates to our CDN SDK after thorough testing in staging environments and stagger releases to our customer base.