Our third-party tools and vendor due diligence

How SafeKeep evaluates tools and providers for safety and compliance

At SafeKeep, protecting your personal information is central to our mission. That commitment extends beyond our own systems to every third-party service we work with. Before using any external tool, we carry out a full due diligence process to ensure it meets strict requirements for security, privacy, and operational reliability.

Why vendor checks matter

We rely on trusted services to help deliver features such as secure file storage, authentication, payment processing, and support. Any weakness in those tools could pose a risk to your data. That is why we only work with vendors who demonstrate robust protection standards and a clear commitment to user safety.

Which types of vendors we assess

We apply full security and compliance checks to vendors that:

  • Store or process any customer data
  • Handle document uploads, downloads, or backups
  • Support billing, identity verification, or authentication
  • Provide customer messaging, support, or AI-powered features

We also use internal tools for tasks like design, project tracking, or team collaboration. While these do not access user data, we still assess them for overall security hygiene.

Our core requirements

For vendors that handle any customer-related data, we require:

  • Data encryption: Information must be encrypted both at rest and in transit using AES-256 or equivalent standards.
  • Authentication and access control: Tools must offer multi-factor authentication, role-based permissions, and secure login options.
  • Certifications and compliance: Vendors must meet at least one of the following: ISO 27001, SOC 2 Type II, GDPR, CCPA, or HIPAA (if applicable).
  • Incident response plans: Vendors must have clear policies for reporting, resolving, and learning from security incidents.
  • Data handling transparency: This includes clear terms around data residency, data deletion, and whether any subprocessors are involved.
  • Performance standards: Services must commit to at least 99.9 percent uptime and support scalable infrastructure.
  • Ethical practices: If a vendor uses AI, it must follow ethical AI guidelines and ensure data is not exploited or misused.

Our due diligence process

Before adopting any vendor, we follow this multi-step review:

  1. Initial review: We research the vendor’s background, security certifications, policies, and incident history.
  2. Security questionnaire: Vendors complete a review of their access controls, data handling, encryption, and compliance.
  3. Legal and contractual checks: We review the vendor’s terms of service, privacy policy, and any necessary data processing agreements.
  4. Technical and performance testing: We test the tool to ensure compatibility with SafeKeep’s infrastructure and secure integration.
  5. Final approval: Leadership signs off on the tool only if it meets all criteria for security, reliability, and data protection.

Ongoing reviews

Vendor risk is not a one-time decision. SafeKeep re-evaluates key vendors on a regular basis, including security reviews, incident tracking, and updated certifications. If a vendor falls short of our standards, we either request corrective actions or end the partnership.

Protecting your trust

This careful selection process means that any third-party service used by SafeKeep must meet high standards for security and user safety. You can trust that your data is handled with care not only by us, but by the infrastructure we rely on. Every tool we approve is chosen for your privacy, your safety, and your long-term peace of mind.
