Metadata's Trust and Security Commitment

Leading with integrity and a rigorous commitment to security, compliance, and privacy worldwide

Why Trust Metadata?

Metadata is dedicated to maintaining the highest standards of information security, compliance, and privacy. Our proactive approach ensures that all client data is managed securely and in compliance with international regulations, providing our customers with certainty and reliability.

Download Our Certifications, Reports, and Policies

Access our latest comprehensive certifications, detailed compliance reports, and the policies governing our Information Security Management System (ISMS).

Our Certifications and Compliance Standards

SOC 2 Type II

Reflecting our commitment to security, availability, processing integrity, confidentiality, and privacy.

Download Report

ISO 27001

Ensuring systematic and ongoing management of information security risks.

Download Certificate

ISO 27701

GDPR compliance and privacy-by-design implementation across our platform, ensuring systematic privacy management.

Download Certificate

Data Processing Addendum

Our comprehensive Data Processing Addendum (DPA) outlines how we handle your data as a processor, ensuring GDPR compliance and defining data protection responsibilities.

View DPA

Metadata’s Security Standards

Metadata’s Information Security Management System (ISMS) is structured around the rigorous standards of ISO 27001, which includes systematic management of information security risks involving people, processes, and IT systems. SOC 2 Type II compliance ensures that Metadata continuously applies strict audit procedures to manage the security, confidentiality, integrity, availability, and privacy of customer data. These standards dictate a regular review of control mechanisms to adapt to evolving threats.

Our ISO 27701 certification adds comprehensive privacy management and GDPR compliance to this framework.

Comprehensive Security Measures

Metadata employs a robust risk management framework that identifies, evaluates, and mitigates risks. This framework helps in prioritizing risks based on their potential impact and likelihood, ensuring that the most critical risks are addressed proactively through technical controls, administrative controls, and physical security measures. To protect data integrity and prevent unauthorized access, Metadata uses advanced encryption technologies both in transit and at rest. These practices are supplemented by rigorous access controls and authentication mechanisms to ensure that only authorized personnel have access to sensitive data.

Regular Audits and Continuous Improvement

Continual improvement is a core aspect of Metadata’s security ethos. The company conducts regular internal and external audits to review compliance with security policies and standards. These audits help identify opportunities for improvement and ensure compliance with evolving global security standards.

Employee Training and Awareness

Metadata understands that security involves every team member. Regular training sessions are conducted to keep employees aware of the latest security threats and best practices. This training covers topics like data privacy, cyber hygiene, and the importance of maintaining a strong security posture.

Commitment to Privacy

Metadata’s privacy policies reflect a commitment to safeguarding personal and business information. The organization adheres to international privacy laws and regulations, providing transparency on data usage, rights, and protections.

Frequently Asked Questions (FAQ)

What certifications does Metadata hold for data security and compliance?

Metadata holds three comprehensive certifications: SOC 2 Type II (operational security), ISO 27001 (information security management), and ISO 27701 (privacy management). These certifications affirm our commitment to maintaining the highest standards for security, confidentiality, integrity, availability, and privacy.

How does Metadata ensure compliance with international data protection laws?

Metadata adheres to international data protection standards by implementing comprehensive privacy policies and controls. We ensure compliance through regular audits, continuous monitoring, and updating our practices to align with legal and regulatory changes.

What measures does Metadata take to protect customer data?

We use advanced encryption technologies to protect data at rest and in transit. Additionally, we employ stringent access controls and multi-factor authentication to ensure that only authorized personnel can access sensitive information.

How often does Metadata conduct security audits?

Metadata conducts regular internal and external audits to assess and improve our security posture. These audits help us identify potential vulnerabilities and ensure ongoing compliance with our security policies and standards.

Can customers access Metadata's security policies and reports?

Yes, customers can request access to our security policies and certain compliance reports. These documents provide detailed insights into how we manage and protect data. Customers can download these resources directly from our Trust and Compliance page.

What is Metadata's incident response plan?

Our incident response plan involves immediate action to contain and assess any security breaches, followed by remediation steps and communication with affected parties. We prioritize swift action to minimize impact and restore normal operations as quickly as possible.

How does Metadata handle data breaches?

In the event of a data breach, we activate our incident response plan, which includes notifying affected users and regulatory bodies as required by law. We also take steps to investigate the breach, prevent future occurrences, and support affected users in mitigating potential damages.

What is Metadata’s approach to privacy and data control?

Metadata is committed to upholding the privacy and control of all user data. We provide transparency about how we collect, use, and share data through our Privacy Policy and Data Processing Addendum. Users can access and control their data, and make informed choices about their privacy settings.

Does Metadata have a Data Processing Addendum (DPA)?

Yes, Metadata has a comprehensive Data Processing Addendum that outlines our data processing terms and how we comply with applicable data protection laws. The DPA is accessible through our website and is an integral part of our contracts with customers.

How can users get more information or raise concerns about privacy and security?

Users can contact our support team for more information or to raise concerns about privacy and security. We are committed to addressing all inquiries and providing the necessary support to ensure user confidence in our data protection practices.

What's the difference between Metadata's three certifications?

Each certification validates different aspects of our security and privacy program:

  • ISO 27001 shows we have strong cybersecurity policies and procedures to protect against data breaches and threats
  • ISO 27701 shows we respect privacy rights and comply with GDPR and international privacy regulations
  • SOC 2 Type II proves these security and privacy controls actually work effectively in our daily operations

Does Metadata comply with GDPR and international privacy regulations?

Yes. Our ISO 27701 certification specifically validates our GDPR compliance and privacy-by-design implementation. This certification demonstrates that we have systematic privacy controls, respect data subject rights, and comply with international privacy regulations across our platform.

What does each certification actually prove about Metadata's security?

  • SOC 2 Type II: Independent auditor tested 160+ of our operational controls over 12 months and found zero deficiencies, proving our security works in practice
  • ISO 27001: We have comprehensive information security management systems that systematically protect against cyber threats and data breaches
  • ISO 27701: We implement privacy-by-design and have controls that ensure GDPR compliance and respect for data privacy rights

What is Metadata's Data Processing Addendum (DPA)?

Our Data Processing Addendum (DPA) is a legal contract that outlines how Metadata handles your data as a data processor under GDPR and other privacy regulations. It defines our responsibilities for data protection, security measures, data subject rights, and breach notification procedures. The DPA ensures that when you use Metadata as a service provider, we maintain the same level of data protection that you're required to provide to your customers.