FAQs

Security Protocols

• Role based permissioning, all data stored in AWS (Ireland)
• All Candu passwords are hashed & salted, staff cannot retrieve

Data Encryption

We use industry-standard end-to-end encryption methods. All customer data is encrypted in transit and is only accessible via TLS/SSL and at rest with AES256.

End-user Protection

• Every aspect of Candu is encrypted; we recommend enabling identify verification.
• Data is stored on AWS, stored data is encrypted using AES

Certifications

SOC2 Type 2; Annual PEN Tests

Dependability

Candu uses a CDN to publish content, all components in the SDK are wrapped in error boundaries

GDPR Compliance

With data protection and privacy built into everything we do, Candu is fully GDPR-compliant. We meet stringent international security standards, and we undertake comprehensive audits of our policies, networks, and systems to keep your information secure. The below are up to date and reflect our GDPR readiness.

• Terms of Use
• Privacy Policy
• DPA

Page Speeds

The complete Candu package is around 113kb (unzipped) and loads sequentially after your page. The existing won’t be impacted, and the Candu content will load in near real-time with your page. Once viewed, the content is then cached as well.

SLAs

Maintain 99.9% in our API & frontend assets

• Monitored via 3rd party integration, performed each minute
• Performed on 7 different locations across the world

Staged SDK Releases

Candu only release updates to our CDN SDK after thorough testing in staging environments and stagger releases to our customer base.