SECURITY TRUST CENTER

At NextRoll, we take technical, administrative and organizational security measures to protect your data and provide you transparency into our process.

Customer Data Protection

Customer Data & Use

Data Use Across Customers

See our Privacy Policy

Pixel

See our Privacy Policy

Data Retention

See our Privacy Policy

Application Security

External Testing

We regularly crowdsource vetted researchers to look into our platform and report bugs or vulnerabilities. You can also contact us directly via email at security@nextroll.com or our support channel with information about a vulnerability.

Data Exchange

See our Privacy Policy

Regulatory Compliance

PCI-SAQ-A

NextRoll is PCI SAQ-A certified and our third-party payment processors are also PCI certified. NextRoll never possesses payment credentials.

Cyber Insurance

We can provide amounts and certificates, if required, for customers and partners with an NDA.

Administrative Controls

Monitoring and Service Availability

Incident and Breach Response

In the event of a breach, NextRoll will send out a breach notification within the time prescribed by applicable law. We use scanning software to log and document the breach. We would also conduct post mortems and record steps taken to mitigate or remediate the breach. We would assist and cooperate with the customer to investigate and mitigate the breach, assist and cooperate with supervisory or law enforcement authorities, and provide additional notifications as required by data subjects.

SSO & MFA

Currently, we do not have SSO for our product. However, this is in progress and will be implemented in the near future. MFA is supported for the web app through SMS or a software-based authenticator.

In-House IT

NextRoll IT currently uses a Single Sign-On (SSO) solution that enforces certain minimum requirements. Access to SaaS applications is also supported by OAuth 2 and TOTP. Local laptops enforce various minimum requirements for passwords through a laptop management solution.

Physical Security

NextRoll employs appropriate physical controls at our facilities. All visitors are required to be registered ahead of time and must check in at the front desk. All offices use security swipe cards for access; CCTV systems are also in use.

DPA

See our Privacy Policy

Training

The Information Security Team at NextRoll strives to engage the broader company with several different levels of training, from high-level orientation to specific guidance on best practices. The goal is to empower all areas of the business with greater security knowledge.