Skip to main content

Security & privacy, certified

Tag Insight audits your tracking, so we hold ourselves to a higher bar on data protection. Our information security management system is ISO/IEC 27001:2022 certified and independently audited every year.

ISO 27001 badge, certified by Certi-Trust

ISO/IEC 27001:2022 certified

Standard
ISO/IEC 27001:2022
Certificate n°
CT-ISMS-022026-0CU02322
Certification body
Certi-Trust France (COFRAC accredited, n° 4-0612)
Valid
Feb 23, 2026 - Feb 22, 2029, with annual surveillance audits
Scope
The information security management system covering the design, development and operation of the Tag Insight SaaS platform.
Download certificate (PDF)

Verify authenticity anytime with the certification body at certification@certi-trust.com.

The safeguards behind your data

The controls below are part of the certified management system and apply to every scan, audit and tagging plan on the platform.

Encryption in transit and at rest

All traffic between your browser, our crawlers and our APIs is encrypted with TLS 1.2+. Scan results, tagging plans and account data are encrypted at rest with AES-256.

EU data hosting

The platform and its databases run on European cloud infrastructure. Your tracking data is stored and processed inside the EU and never leaves it for operations.

Access control & MFA

Access to production follows least privilege: role-based permissions, multi-factor authentication for every employee account, and access reviews on a fixed schedule.

Backups & continuity

Data is backed up automatically with point-in-time recovery, and restore procedures are tested regularly as part of our business-continuity plan.

Monitoring & logging

Infrastructure and application events are centrally logged and monitored, with alerts on anomalous access patterns and security-relevant changes.

Incident response

A documented incident-response process defines detection, containment, communication and post-mortem steps, including notification obligations under GDPR.

GDPR & DPA

Tag Insight acts as a processor for the data you scan. A Data Processing Agreement is part of every contract, and data-subject requests are honoured end to end.

Subprocessors & data minimisation

We collect only what the audits need, keep it no longer than necessary, and hold every subprocessor to the same contractual security commitments.

Questions about security?

Need our DPA, the subprocessor list, or answers for a vendor security review? We are happy to help.

Contact us

We use cookies to analyze traffic and improve your experience. Choose what you are happy with, you can change your mind any time.

Manage preferences