Thnks is ISO/IEC 27001 Certified and SOC 2 Type II Compliant

The international acceptance and applicability of both ISO/IEC 27001 certification and SOC 2 Type II compliance are key reasons why these standards are at the forefront of Thnks’ approach to implementing and managing information security. Thnks’ achievement of both ISO/IEC 27001 certification and SOC 2 Type II compliance point to its commitment to making good on customer promises from business security standpoints.

Learn about the benefits of ISO/IEC 27001 on Thnks Platform:
Review the ISO/IEC 27001:2013 information security management standards

Learn about the benefits of SOC 2 Type II on Thnks Platform:
See the SOC 2 Type II criteria

Security Topics and FAQs

Quick Navigation

• Resilience & Availability
• Datacenter Protections
• Software Security
• Audits, Vulnerability Assessment & Penetration Testing
• Escalation Policies and Procedures
• Information Requests
• Anonymous Hotline
• Vulnerability Disclosure
• Data Protection and Use Addendum
• Data Request for Erasure
• Google API Services User Data Policy

 Empty heading

Resilience & Availability

Will Thnks software be available?

Yes! Thnks availability is consistently above 99.99%. Customer data is 100% backed up to multiple online replicas with additional snapshots and other backups.

Does Thnks monitor its systems and software?

Yes! Our operations teams monitor software and application behavior 24x7x365 using proprietary and industry-recognized solutions.

Does the Thnks software contain system redundancy?

Yes! Databases, application servers, web servers, jobs servers, and load balancers as well as backend support services all have multiple failover instances to prevent outage from single points of failure.

Does Thnks encrypt data in transit?

Yes! Sessions between you and your portal are always protected with top end in-transit encryption, advanced TLS (1.2+) protocols, and 2,048-bit keys.

Is my website or data protected by a Web Application Firewall and network firewall?

Yes! Thnks prevents attacks with sophisticated monitoring and protections including a high-grade web application firewall and tightly controlled network-level firewalling. In addition,

Does Thnks incorporate security into its software development lifecycle (SDLC)?

Yes! Thnks code is high quality from conception to deployment. We use automated static code analysis alongside human review to ensure development best practices are implemented across our thousands of daily code pushes. Responsive software development means new features, resiliency improvements, and bug fixes arrive hundreds of times a day, seamlessly.

Datacenter Protections

Are physical security protections in place to protect my data?

Yes! Thnks products are hosted with the world’s leading data center providers. Access to these data centers is strictly controlled and monitored by security staff, tight access control, and video surveillance. Our data center partners are SOC 2 Type II and ISO 27001 certified and provide N+1 redundancy to all power, network, and HVAC services.

Software Security

Can the Thnks software respond quickly to new security needs or threats?

Yes! Between our streamlined, rapid approach to application delivery and our highly automated server infrastructure, Thnks quickly addresses security issues as they arise. These technology and process structures allow Thnks to rapidly adapt as new threats are identified.

Does the Thnks infrastructure detect and prevent attacks?

Yes! Thnks uses enterprise-grade firewalling, routing, intrusion prevention, and behavior analytics capabilities to protect infrastructure and thwart attacks.

Does Thnks rapidly patch and update when vulnerabilities are identified?

Yes! Thnks patch management process pushes security updates fast and consistently. In most situations, patching is handled by deploying new server instances with the most up to date patches and de-provisioning out of date servers.

Does Thnks have an incident response program?

Yes! Thnks incident response program is responsive and repeatable. Incident process flows and investigation data sources are pre-defined during recurring preparation activities and exercises and are refined through investigation follow-ups. We use standard incident response process structures to ensure that the right steps are taken at the right time.

Audits, Vulnerability Assessment & Penetration Testing

Does Thnks have a repeatable process for discovering and quickly correcting security bugs?

Yes! We test for potential vulnerabilities continuously in all layers of the technology stack. Dynamic application scans, static code analysis, and infrastructure vulnerability scans are run every day, all day. Our Security team tests our products day-in and day-out to detect and quickly respond to flaws.

Does Thnks bring in outside third parties to find security issues?

Yes! We bring in industry-respected 3rd party penetration testing firms several times a year to test the Thnks products and data infrastructure. We also have rigorous internal and external audit processes to ensure that processes are implemented and working as intended.

Does Thnks have a vulnerability disclosure program?

Yes! For more information on the program or to disclose an existing vulnerability, please email us at [email protected].

What external audits or assessment results are available to review?

Thnks has certifications with the following: SOC 2 Type II, ISO 27001 2013, ANAB Accreditation Rule 2, and IAF – Member of Multilateral Recognition Arrangement.

If you would like to request the complete ISO 27001: 2013 or SOC 2 Type II report please reach out to [email protected] and someone will get in touch with you.

Escalation Policies and Procedures

For more information on Applied Gratitude’s (dba Thnks) escalation policies and procedures, please email [email protected].

Information Requests

Any customers, contractors, vendors or other third parties who would like more information regarding Applied Gratitude’s (dba Thnks) key policies and procedures (e.g. Information Security, Change Management, Incident Management), please email [email protected].

Anonymous Hotline

Please use this hotline to anonymously report any comments, concerns, or issues that you encounter: Thnks Anonymous Hotline.

Vulnerability Disclosure

The Thnks Vulnerability Disclosure Program enlists the help of the hacker community at HackerOne to make Thnks more secure. HackerOne is the #1 hacker-powered security platform, helping organizations find and fix critical vulnerabilities before they can be criminally exploited.

Data Protection and Use Addendum

Does Thnks have a Data Protection and Use Addendum (DPA)?

Yes! You can view and download the standard Thnks DPA here.
If you are a Thnks user and wish to enter into our DPA, please email us at [email protected].

Does Thnks use any sub-processors?

We do. You can view our list of service sub-proccesors here.

Data Request for Erasure

Can I request my personal data be deleted?

Yes! You are entitled to request us to erase any personal data we hold about you, provided we are able to comply with your request. To request your data to be erased, please submit a Request for Erasure here.

Google API Services User Data Policy

Thnks’ use and transfer to any other app of information received from Google Accounts will adhere to Google API Services User Data Policy , including the Limited Use requirements.

For more information on Google’s OAuth API, read their FAQ.