New Year. New Me. ‘nuffsaid is now TheySaid!

Security at TheySaid



Security embedded into our system

Security is built into the fabric of our cloud products, infrastructure, and processes, so you can rest assured that your data is safeguarded.

Google trusts only 67 companies with sensitive access to OAuth, and TheySaid is one of those companies. TheySaid uses enterprise-grade security and regular audits to ensure you’re always protected. We undergo regular penetration testing and security reviews designed to be SOC 2 and ISO 27001 compliant. This commitment to security is ingrained in our culture.

Application security

  • Encryption

    Data is encrypted in transit with TLS 1.2. Data is encrypted at rest with AES.

  • Continuous Monitoring

    Independent third-party penetration, threat, and vulnerability testing.

  • Data Handling

    TheySaid is in full compliance with GDPR and has support for data deletion.

  • SSO

    User access controls with single sign on.

  • Secure Hosting

    TheySaid’s cloud environments are backed by Google Cloud’s security measures.

  • RBAC

    Role based account access workflows.

Continuous security commitment

Penetration Testing

We perform an independent third-party penetration test at least annually to ensure that the security posture of our services is uncompromised.

Security Awareness Training

Our team members are required to go through employee security awareness training covering industry standard practices and information security topics such as phishing and password management.

Third-Party Audits

Our organization undergoes independent third-party assessments to test our security controls.

Roles and Responsibilities

Roles and responsibilities related to our information security program and the protection of our customer’s data are well defined and documented.

Information Security Program

We have an information security program in place that is communicated throughout the organization. Our information security program follows the criteria set forth by SOC 2 (and ISO 27001 soon).

Continuous Monitoring

We continuously monitor our security and compliance status to ensure there are no lapses.

Report vulnerabilities

Found a potential issue? Please help us by reporting it so we can fix it quickly.