We build security into everything we do because your trust is paramount. Every product, process, and system is designed with the protection of your data at its core.
We keep data secure in transit and at rest. In transit, data is only accessible via TLS/SSL, and at rest, data is encrypted with AES-256.
Our people and systems can only access the data they need to do their job, and we store your data with cloud providers who have top-tier physical security controls.
We use a global CDN to prevent network attacks and keep Diminish highly available.
Our threat detection, logging, and alerting systems notify our on-call teams about potential incidents.
We peer review and test our code prior to release, including manual and automated checks for security issues.
We only release software after qualifying it in development and staging environments.
Users can be assigned different roles to administer or manage SaaS spending and view reports.
Diminish is committed to helping our users understand the rights and obligations under the General Data Protection Regulation (GDPR).
We have introduced tools and processes to ensure we comply with GDPR requirements.
To learn more about our GDPR compliance, please read our Privacy Link.
Diminish employs specialist external services at least once a year, along with tools, to conduct multiple different types of security assessments.
We also run weekly vulnerability scans against our production environments, and engage external penetration testers to conduct multiple penetration tests throughout the year.