IT security and data protection are core tenets of Next Matter’s product and services. Our customers entrust us with valuable data, and we take both its security and their privacy very seriously.
Next Matter is on track to undergo the Service Organization Controls audit (SOC 2 Type 2) in Q1 of 2022. Our current security standards and practices will reflect those set by the SOC 2 certification, and we anticipate full compliance in early 2022. You can read more about SOC audits and certifications here.
Data transmission between your devices and our servers is encrypted with the TLS v1.2, or newer, encryption protocol. Ciphers are negotiated between the browser and the server, and we support only strong ones.
Next Matter uses Amazon Web Services (AWS) cloud hosting infrastructure, hosted on servers in the European Union. We install updates and patches regularly to keep our servers up to date, and we utilize access control. Read on for more information about AWS cloud security.
For data durability, backups are replicated across multiple availability zones. Next Matter maintains business continuity and disaster recovery plans and implements extensive service monitoring, and our IT operations team is on call 24x7.
Our business operations recovery time is no more than 8 hours.
Within the Next Matter product, collaborator permissions can be managed at the organizational level and the team level. These permissions allow you to control who you share a workspace or process with and whether they can modify the workspaces or processes that you’ve shared with them.
Next Matter supports single sign-on (SSO) for Google and Microsoft accounts. Next Matter recommends enabling two-factor authentication (2FA) for your account if you’re using SSO. We also support classic email and password login for Next Matter accounts, and will offer 2FA in the future.
Next Matter vets employees in accordance with local laws. Employees complete annual security training which covers topics such as data privacy, information security, and password security. Employee workstations are configured with full-disk encryption, strong passwords, and automatic locking.
Next Matter maintains separate production and testing environments, and we do not use customer data in development or testing environments.
Next Matter runs application-level penetration testing on an annual basis.
As part of our software development process, code and configuration changes are exhaustively reviewed. Before deployment, these changes are tested to ensure a consistent experience across all devices, platforms, and browsers that are supported by Next Matter.
If you believe you've discovered a security-related issue, please report the issue to: firstname.lastname@example.org. DO NOT provide explicit details of the issue until our security team gets in contact with you.
We maintain strict obligations to our customers’ privacy and the protection of customer information, and we comply with all applicable privacy laws and regulations set forth by governing authorities.
Next Matter does not own your data, nor do we sell it to others.
You can also sign our Data Processing Addendum by entering your information at this link. You will be able to download and review the DPA before signing it. In addition, you can find a current list of Next Matter’s data subprocessors at the end of the DPA.
At any time, you may request a custom data export from Next Matter. Please contact us using the chat functionality at the bottom right-hand side of the screen on your desktop or mobile device.