Cradle Security

At Cradle, security is our absolute highest priority. In the spirit of openness and transparency, here are some of the security measures we take to protect and defend the Cradle platform.

SOC 2 Type 2 Compliant

To demonstrate our strong commitment to security, availability and privacy, we have gone through SOC 2 Type 2 certification with the help of Drata and Prescient Assurance.

We Protect Your Data

All data is written to multiple disks instantly, backed up daily, and stored in multiple locations. Files that our customers upload are stored on servers that use modern techniques to remove bottlenecks and points of failure.

Encrypting Data in Transit

Whenever your data is in transit between you and us, everything is encrypted and sent using HTTPS.

During a user agent’s (typically a web browser) first site visit, Cradle sends an HTTP Strict Transport Security (HSTS) header to the user agent, which ensures that all future requests are made via HTTPS even if a link to Cradle is specified as HTTP. Additionally, we use HSTS preload, guaranteeing that no request, not even the very first, is made over a non-encrypted connection.

Encrypting Data at Rest

All data which you upload to us is stored encrypted at rest.

Hosted on Amazon Web Services

Cradle is hosted on Amazon Web Services (AWS). Our database is managed by AWS, ensuring redundancy, high availability and trustworthy automated, encrypted backups.

AWS is certified for a growing number of compliance standards and controls, and undergoes several independent third-party audits to test for data safety, privacy, and security. Read more about the specific certifications on the AWS Compliance Programs page.

Concurrency and Rate Limiting

We employ several layers to protect against abuse and DDoS attacks, such as concurrency limiting (limits the number of active requests) and rate limiting (limits the number of requests over time). Our servers gracefully queue requests when under high load, and handle them at a safe pace.

Organizational Practices

  • We operate under the principle of least privilege: Employees are assigned the lowest level of access that allows them to do their work.
  • Two-factor authentication is enforced in all sensitive systems.
  • All employees are required to use approved password managers to generate and store strong passwords that are never reused.
  • All employees are required to encrypt local hard drives and enable screen locking for device security.
  • All access to application admin functionalities is restricted to a small subset of Cradle staff.
  • We never store customer data on personal devices (like laptops).

Development Practices

Cradle utilizes a variety of manual and automatic data security and vulnerability checks throughout the software development lifecycle. All code changes are thoroughly tested before being pushed to production.

Penetration Testing

On top of our development-related continuous testing, we also conduct periodic third-party manual penetration testing of both our application and infrastructure.

Regularly-Updated Infrastructure

Our software infrastructure is updated regularly with the latest security patches. Our products run on a dedicated network which is locked down with firewalls and carefully monitored. While perfect security is a moving target, we work with security researchers to keep up with the state-of-the-art in web security.

We Protect Your Billing Information

All credit card transactions are processed via Stripe using secure encryption—the same level of encryption used by leading banks. Card information is transmitted, stored, and processed securely on Stripe's PCI-Compliant network.

Learn more about Stripe Security

Learn more about Stripe PCI-Compliance

Have a Concern? Need To Report an Incident?

Have you noticed abuse, misuse, an exploit, or experienced an incident with your account? Send urgent or sensitive reports directly to [email protected]. We’ll get back to you as soon as we can, usually within 24 hours. Please follow up if you don’t hear back. 

Keeping customer data safe and secure is a huge responsibility and a top priority. We work hard to protect our customers from the latest threats. Your input and feedback on our security is always appreciated.