Trust is the foundation for every great partnership.

At Assemble, we measure our impact by the trust our customers have in us. A key aspect of our customers’ trust is ensuring that their sensitive data is safe, secure, and in compliance with applicable regulation.

We are committed to maintaining the highest standards of security, privacy, and compliance, and to ensuring that these practices are transparent and clearly explained to our customers.

If you have any questions about trust at Assemble, please send us an email at trust@assemble.inc.
compliance

Enterprise-Grade Security
& Privacy Standards

GDPR & CCPA
Assemble will never sell your personal information and processes any EEA-based personal data in accordance with our Data Processing Addendum and the standard contractual clauses (SCCs). See our Privacy Policy for more information.
SOC 2 Type 2
We are working with an independent auditor to achieve SOC 2 Type II compliance, which will certify our adherence to best-in-class security practices.
security

Enable your team with confidence and security.

Product

Assemble Foundations enables best-in-class security for collaboration workflows within your organization. Enterprise-grade Role-Based Access Control (RBAC), Single-Sign-On (SSO) authentication, and in-product data protection ensure you can share sensitive compensation information easily according to a user’s privilege.
Assemble helps you eliminate risky data management practices for sensitive compensation information. No more triple-checking one-time data shares, sending spreadsheets over email, or fat-fingering the wrong numbers.
Explore the Platform

Operational

Principle of Least Privilege
Our customer’s data is incredibly sensitive. We apply the principle of least privilege to ensure maximum data confidentiality. All access to production systems and customer data is limited to employees with a specific business need.
Robust Access Control
Access to all internal systems requires multiple authentication factors, including context-aware access control for administrative access.
Annual Penetration Testing
In addition to our Responsible Disclosure program, we conduct rigorous annual penetration tests with best-in-breed independent security firms.

For more information, please see our Security Controls.

Infrastructure

Encryption
We encrypt all sensitive data both at rest and in transit using robust, industry-leading encryption algorithms.
Network Security
Our production environments run in an isolated Virtual Private Cloud network with only necessary services enabled. External administrative access is mediated through context-aware access control proxies.
Cloud-Native Security
We’ve built our infrastructure from the ground up for security. We use declarative, immutable infrastructure and have adopted services and tools that help us minimize risk across our technology stack.
Commitment to Continuous Innovation
Assemble’s security team continuously evaluates our security controls and monitors employee devices, cloud environments, and networks for malicious activity.

Our team has hands-on experience building and operating security products in the U.S. Intelligence Community and the private sector, and we are committed to maintaining the highest standard of enterprise security available. We are continuously evaluating best-in-class security practices and technologies to remain state-of-the-art.
disclosure POLICY

Responsible Disclosure Policy

If you believe you've identified a security vulnerability in Assemble's service, please email trust@assemble.inc. Our security team promptly investigates all reported issues.

Empower your people with Assemble

Next-generation compensation management. Assembled with building blocks driven by your policies and beliefs.

Request A Demo