Cremit Trust Center

At Cremit, security isn't just a feature—it's foundational to everything we build. As a company dedicated to protecting Non-Human Identities, we hold ourselves to the highest security standards, because we believe you can't secure what you don't practice. We treat the data entrusted to us—whether from our customers, their end users, or anyone who interacts with our organization—with the utmost care and responsibility. Our security-first mindset drives our development processes, infrastructure decisions, and organizational policies. We are committed to transparency in how we operate and continuously improving our security posture. This includes maintaining industry-recognized certifications, conducting regular third-party security assessments, and fostering a culture where every team member takes ownership of security.

Compliance

Resources

Physical Security Policy
Acceptable Use Policy
Network Security Policy
Business Continuity and Disaster Recovery
Business Impact Assessment Policy

Controls

Sensitive Data Classification & Access Control
Password rules enforced
Secure, unique authentication required for infrastructure access
Quarterly user access reviews performed
Source code access restricted and changes logged
Data encrypted at rest
Secure disposal of electronic media containing sensitive data (PII, ePHI, etc.)
Customer data deleted after termination
Database backups performed
Vendor Confidentiality & Privacy Agreements
Secure connection means utilized
Web application firewalls configuration
Development, testing, production environments separated
External Attack Surface Vulnerability Scanning & Remediation
Code of Conduct acknowledged by contractors
Anti-malware monitoring
Intrusion detection tool
Monitoring, measurement, analysis and evaluation
Automated system capacity and performance monitoring
Infrastructure firewall
Incident response procedures documented
Business continuity & disaster recovery plans documented and tested
Security incident logging and review
Business continuity plans ensure emergency functionality
Visitor sign-in, badging, and escort policy
Internal Audit Program
Clear desk/screen policy established
Compliance requirements documented
Technology assets inventoried
Interested party security requirements logged
Annual risk assessments performed
Documented Vendor Management Program
Background checks performed on contractors
Security awareness training implemented
Background checks performed on employees
Confidentiality Agreement acknowledged by employees
Clock synchronization
Multi-availability zones
Defined and maintained ISMS scope
Documentation available to internal and external users
Whistleblower mechanism maintained
Patch management process developed
Production system hardening and baseline configuration management
Information security policies and procedures
Mobile Device Management (MDM) and BYOT
Removable Media Use Restricted and Encrypted

Subprocessors

HubSpot (Unknown Category)
Jamf (Unknown Category)
GitHub (Code & Build Security)
Featurebase (Unknown Category)