Product Security
Security-by-design
HackerEarth has adopted a Security-by-Design approach to software development that seeks to minimize system vulnerabilities and reduce the attack surface by designing and building security into every phase of the SDLC.
This includes incorporating security specifications into the design, evaluating security continuously at each phase, and adhering to best practices.
We have secure development practices in place and our developers are trained regularly. We logically and physically segregate development, test, and production environments.
Password Management
We follow industry best practices for our password policy at HackerEarth. These include the following:
- Passwords must be at least 8 characters long.
- Each password must be a combination of alphanumeric and special characters.
- Password history is enforced over the last 10 passwords.
- The maximum password age is 60 days.
- HackerEarth Assessments hashes passwords with the PBKDF2 algorithm using SHA-256.
- We also support SSO for authentication.
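As an added example (not HackerEarth's own code), the checks below enforce the policy listed above: minimum length, mixed character classes, a history of the last 10 passwords, a 60-day maximum age, and PBKDF2-HMAC-SHA256 storage. The iteration count, salt size and (salt, digest) record layout are assumptions.

```python
# Added example, not HackerEarth's code. Iteration count, salt size and the
# (salt, digest) record layout are assumptions; the rules mirror the policy list.
import hashlib
import hmac
import os
import string
from datetime import datetime, timedelta

MIN_LENGTH = 8
HISTORY_SIZE = 10            # the last 10 passwords may not be reused
MAX_AGE = timedelta(days=60)
PBKDF2_ITERATIONS = 600_000  # assumed value; size it to your hardware budget
SALT_BYTES = 16


def hash_password(password: str, salt: bytes = b"") -> tuple:
    """Return (salt, digest) using PBKDF2-HMAC-SHA256 with a per-user random salt."""
    salt = salt or os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, digest: bytes) -> bool:
    """Recompute the digest and compare in constant time so timing leaks nothing."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, digest)


def check_complexity(password: str) -> list:
    """Return the policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c.isalpha() for c in password):
        problems.append("no letters")
    if not any(c.isdigit() for c in password):
        problems.append("no digits")
    if not any(c in string.punctuation for c in password):
        problems.append("no special characters")
    return problems


def check_history(password: str, history: list) -> bool:
    """True if the candidate matches any of the last HISTORY_SIZE (salt, digest) records."""
    return any(verify_password(password, s, d) for s, d in history[-HISTORY_SIZE:])


def password_expired(set_at_iso: str, now_iso: str) -> bool:
    """True once a password set at set_at_iso is older than MAX_AGE at now_iso (ISO 8601)."""
    return datetime.fromisoformat(now_iso) - datetime.fromisoformat(set_at_iso) > MAX_AGE
```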
Risk Management
Risk assessment is done on a periodic basis and whenever there is a change.
All risks are recorded, controlled, and monitored.
Cryptographic Controls
Cryptographic measures are put in place to protect data at rest, in transit, and in process. We use AWS to host all our data securely with cryptographic key management. We also use SSL/TLS 1.2 for end-to-end communication between a browser and a server to protect request payloads. Non-SSL page requests are redirected to their SSL pages.
Incident Management
Incidents are regularly recorded and monitored. We have a dedicated email ID, support@hackerearth.com, where users can report incidents. Any incidents impacting customers will be reported based on severity.
Business Continuity
Our web servers are hosted on AWS. For high availability, we have servers in three availability zones.
Infrastructure Security
HackerEarth has implemented the Sqreen application security platform, which protects applications by preventing data breaches, stopping account takeovers, and blocking business logic attacks. It increases visibility by monitoring incidents in real time, streamlining incident response management, and automating the application inventory. It also secures code by finding critical threats, fixing vulnerabilities, and integrating security into the SDLC.
We ensure encryption of information at rest, in transit, and in use, in line with the best security practices of the Cloud Security Alliance. We have implemented an AWS S3 bucket policy that allows only objects encrypted by AWS KMS to be stored.
Vulnerability assessment is done internally on a regular basis. We also get penetration testing done annually by third parties. New patches, hot-fixes, and patch clusters are tracked and applied in a timely manner to prevent vulnerabilities from being exploited.
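The S3 bucket policy described above (store only objects encrypted with AWS KMS) is shown here as an added example; it is not HackerEarth's actual policy. The bucket name is a placeholder, and the small evaluator approximates how IAM matches the two condition operators used, so the effect of the policy on sample PutObject requests can be checked offline.

```python
# Added example, not HackerEarth's policy or code. Bucket name is a placeholder;
# the evaluator covers only the StringNotEquals and Null operators used here.
import json

BUCKET = "example-bucket"  # placeholder
SSE_HEADER = "s3:x-amz-server-side-encryption"

BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {   # Deny uploads that request any encryption mode other than SSE-KMS (e.g. AES256)
            "Sid": "DenyNonKmsEncryption",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{BUCKET}/*",
            "Condition": {"StringNotEquals": {SSE_HEADER: "aws:kms"}},
        },
        {   # Deny uploads that omit the encryption header entirely (explicit, defence in depth)
            "Sid": "DenyUnencryptedUploads",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "s3:PutObject",
            "Resource": f"arn:aws:s3:::{BUCKET}/*",
            "Condition": {"Null": {SSE_HEADER: "true"}},
        },
    ],
}


def policy_json() -> str:
    """Render the policy as the JSON document you would attach to the bucket."""
    return json.dumps(BUCKET_POLICY, indent=2)


def _condition_matches(condition: dict, request: dict) -> bool:
    """Simplified IAM matching for the two operators above; request maps condition keys to values."""
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = request.get(key)
            if operator == "Null":            # "true" matches when the key is absent
                if (actual is None) != (expected == "true"):
                    return False
            elif operator == "StringNotEquals":  # negated operator: absent key also matches
                if actual == expected:
                    return False
            else:
                raise ValueError(f"unsupported operator {operator}")
    return True


def put_object_allowed(request: dict, policy: dict = BUCKET_POLICY) -> tuple:
    """Return (allowed, Sid of the first matching Deny); an explicit Deny always wins."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] == "Deny" and stmt["Action"] == "s3:PutObject" \
                and _condition_matches(stmt["Condition"], request):
            return False, stmt["Sid"]
    return True, ""
```

Only PutObject requests are simulated; a real evaluation also needs an Allow from IAM or the bucket policy, which this example leaves out.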
Diligent Organizational Security
HR and Training
Mandatory training and adherence to confidentiality and code of conduct.
Well-qualified personnel are hired and they are screened before hiring. All employees are required to sign an NDA, Code of Conduct, and confidentiality agreements when they join HackerEarth. Training is provided during onboarding and at least annually thereafter. Any breach or violation of HackerEarth's policies will result in disciplinary actions being taken.
Asset Management
Transparent asset inventory, classification, movement and disposal.
An asset inventory is maintained for all the assets of the organization. Asset owners are identified, and assets are classified and labeled based on HackerEarth's classification scheme and handled accordingly. Movement of assets is recorded in asset movement registers. Disposal of assets is done as per HackerEarth's asset disposal procedure.
Access Management
Strict access control policy, based on role and requirement.
HackerEarth has an access control policy in place. User access is provided on a need-to-know basis only, based on the user's role in the organization. All users have unique credentials, and user IDs are reviewed on a regular basis. Logs of admin user activities are maintained.
Third-Party Processors
Here's an exhaustive list of the third-party processors that HackerEarth uses and the services that they provide.
| Third-Party Processor | Services |
|---|---|
| Sendgrid | Email service provider; stores and processes users' emails |
| Plivo.com | Automated OTP SMSs and calls; stores and processes users' phone numbers |
| Twilio | Automated OTP SMSs and calls; stores and processes users' phone numbers |
| Amazon | AWS cloud infrastructure |
| Landbot | Automated chat bot on our B2B website page; stores users' email IDs |
All our third-party service providers are certified against industry standards and regulations including GDPR, EU-US Privacy Shield, ISO 27001, ISO 27017, ISO 27018, SOC 2 Type II, and so on.
Data Protection - FAQs
Will you process my personal data for yourself or on behalf of another party?
We will only process your personal data if we have a lawful basis for doing so, which includes, but is not limited to, the following: consent, contractual necessity, and our legitimate interests or the legitimate interests of others.
Do you process data yourself or do you use third-party processing services such as rented servers?
We do not share, rent, or sell your personal data to third parties unless you have granted us explicit permission to do so.
Will you handle my data securely? What security measures do you take?
Yes, we handle your data securely using the following cryptographic measures:
- At rest: Encrypted with the AES 256 Algorithm
- In transit: Data transport is protected by TLS 1.2 with an RSA 2048-bit private key
- In processing: Controlled access to data with two-factor authentication
Who can access the personal data within your company? Are there different levels of access for different positions?
Within HackerEarth, nobody has access to customer data other than for monitoring activities. Yes, there are different levels of access based on roles.
Do you have a system of logs that records who enters, modifies, erases, or accesses the personal data you process, and when?
Yes, we maintain user activity logs.
Who do you get the data from—a data subject or from a Controller?
Depending on the kind of service, we get data from both a data subject and a Controller.
What categories of personal data do you collect?
We collect the following Personal Data about you:
- Name (first name/last name/full name)
- Title
- Email ID (both personal and professional)
How long will my data be stored for? What criteria do you use to determine that period?
Your data is retained with HackerEarth for as long as you have a HackerEarth account. You can request that we delete some or all of your Personal Data from our systems. While this will be done immediately, residual data may be saved in certain logs and this will be purged within a year of deleting your data.
How can I request that you erase my personal data?
To request that we erase your personal data, send us an email at support@hackerearth.com.