🚀 We're hiring, check out our careers page to join our team!

Security Background

Hull is committed to storing your data securely. Therefore, we have implemented technical and organizational security measures in an effort to safeguard the personal information in our custody and control. We aim to eliminate unauthorized or unlawful processing of your personal data or accidental, unauthorized or unlawful access, use, transferring, processing, copying, transmitting, alteration, loss or damage of your data.

We will take certain measures to protect your data, including but not limited to: using cryptography, where necessary; using passwords or secured token protection, where necessary; and restricting access to your data to certain personnel.

To provide you with increased security, access to certain personal information stored in your account is protected with your username and password. You are responsible for maintaining the confidentiality of your credentials, and we strongly recommend that you do not disclose your account username or password to anyone. We will never ask you for your password in any unsolicited communication. Please notify our security team immediately of any unauthorized use of your account credentials or any other suspected breach of security at security@hull.io.

Infrastructure and Partnership Security Agreements

Hull utilizes Amazon Web Services for our platform infrastructure. Our customers also benefit from Amazon Web Services Cloud Compliance security and privacy measures including ISO and SOC certifications.

For more information on Amazon Web Services Cloud Compliance please visit their website.

Hull also employs several cloud management companies for data transmission and storage. We require that our data partners maintain strict compliance and security hygiene. As such, our partners maintain but not limited to a SOC2 compliance and ISO certification listed on their websites.

For more information on Heroku compliance, please visit their website.

For more information on Elastic compliance, please visit their website.

For any additional questions, please contact us at security@hull.io.

Third-Party Data Sharing

Hull employs a number of third party services in order to operate to the high standards of our customers. We perform adequate due diligence on these companies and the countries they operate in. While these services may, at times, require your personal data, we limit the use of it under strict conditions.

International Data Transfers

Hull is a global company. Our headquarters is in Atlanta, GA, United States, and we have a satellite office in Paris, France. We may transfer personal data outside of the country it was collected in or outside of the European Economic Area ("EEA").

All international data transfers are performed under the strict safeguards mentioned above. When transferring personal data outside of the EEA, we comply with the applicable legal requirements of providing adequate safeguards.

We are EU-U.S. Privacy Shield certified and our FR subsidiary is GDPR compliant. The same high standards of data protection and data privacy required by the GDPR are implemented throughout our company.

Whenever we transfer personal data out of the European Economic Area (EEA), we will comply with the applicable data protection law.

EU-U.S. Privacy Shield

Hull complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. Hull has certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, please visit https://www.privacyshield.gov/.Hull is responsible for the processing of personal data it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. Hull complies with the Privacy Shield Principles for all onward transfers of personal data from the EU, including the onward transfer liability provisions.

In compliance with the Privacy Shield Principles, Hull commits to resolve complaints about our collection or use of your personal information. EU individuals with inquiries or complaints regarding our Privacy Shield policy should first contact Hull at security@hull.io.

Under certain conditions, and as a last resort, it may be possible for you to invoke binding arbitration for complaints regarding Privacy Shield compliance not resolved by any of the other Privacy Shield mechanisms. For additional information, see the U.S. Department of Commerce’s Privacy Shield Framework: Annex I (Binding Arbitration).

The Federal Trade Commission has jurisdiction over Hull’s compliance with the Privacy Shield. Hull is required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

General Data Protection Regulation (GDPR)

Hull is committed to compliance with the General Data Protection Regulation (GDPR), which went into effect May 25, 2018, and applies to individuals in the European Union. Please contact us to have an in-depth conversation about Hull’s approach to GDPR and Trust. Please also get in touch to receive our Data Processing Agreement (DPA) from security@hull.io.

Penetration Testing

The Hull Platform undergoes regular penetration testing by independent third parties to ensure that our platform is secure. To get a copy of our test results please send inquiry to security@hull.io.

On-Call Policy

We have a global support network of engineers who work very hard to keep Hull running at all times. We have an on-call policy for our engineers to be available in case of an emergency.

Data Backup

Hull’s platform has built-in, automatic back-ups.

Infrastructure Backup

All Hull infrastructure is replicated and backed up.

Workflow Backup

Hull stores snapshots of our customers’ business logic so we can revert them if necessary.