
Capillary, through its Software as a Service (SaaS) products, helps large corporations around the world grow amid changing consumer expectations and collect more data and insights about their consumers and business with Capillary's comprehensive AI-powered consumer experience platform. The Capillary platform provides enterprise-ready security features that enable its customers to operate safely.


Capillary is ISO 27001:2013 and PCI DSS 3.2.1 compliant and certified.
Capillary is compliant with global privacy regulations, including the European Union (EU) General Data Protection Regulation (GDPR).


Governance And Organization Of Information Security

  • Capillary Information Security Management System (ISMS) based on ISO 27001:2013 and the Payment Card Industry Data Security Standard (PCI DSS) v3.2.1
  • Risk assessments, internal audits, external audits
  • Metrics based governance

Secure by design and default

  • Security participation in product road map
  • Security risk assessment of changes
  • Automated security controls in release process
  • System hardening policies applied automatically to all systems

People as the Security Perimeter

  • Background verification of employees by reputed third party organization
  • New joinee induction into security policies and processes
  • Periodic security awareness workshops

Protection of Data

  • All data provided by customer protected as “Confidential Information”
  • Access managed on the principles of minimum need-to-do/need-to-know and Segregation of Duties (SoD)
  • Two Factor Authentication (2FA) based login
  • Role Based Access Control (RBAC)
  • Data at Rest protected using advanced standards (AES 256)
  • Data in transit protected using HTTPS (TLS 1.2)
  • Customer data isolation through unique IDs at the API layer, limiting access to data to the respective customer only
  • Highly available systems and near real-time data replication across geographically dispersed data centers providing Recovery Time Objective (RTO) of 4 hours and Recovery Point Objective (RPO) of 30 minutes
  • Recovery plans are tested annually and on major changes.

Perimeter and End-point security

  • Anti-DDoS, firewalls and Web Application Firewalls
  • VPN, SSH based login and centralized access control for production engineers
  • Anti-virus protection and patch management for end-points
  • Malicious code prevention
  • Secure FTP services for one-time / offline data transfer

Incident Management

  • Policy and plan driven incident management
  • Automated log monitoring and alerting using a context-based Security Incident and Event Management (SIEM) system
  • 24 x 7 response center

Application Security

  • Secure coding practices and secure code review
  • Pre-release internal security testing for all releases, based on OWASP, SANS 25
  • Annual external (3rd party) security testing
  • Authenticated API calls and API rate limiting
  • Production environment segregated from non-production environment

If you have any questions, or would like to report an incident, please write to us or ask your Capillary Account/Sales Manager to set up a call with the Capillary Information Security team.
