Rewind's Security Portal

background-image
Start your security review
View & download sensitive information
Ask for information
Search items
ControlK

Overview

Rewind is built from the ground up with a "security first" ethos. As experts in data backups, security isn’t just a feature. It’s at the core of what we do. We are happy to share our security practices to provide assurance in our processes and procedures. We will keep this portal updated regularly. You can also subscribe to receive update notifications.

Compliance

CCPA Logo
CCPA
CISA: Secure-by-Design Pledge Logo
CISA: Secure-by-Design Pledge
Cloud Fortified Logo
Cloud Fortified
CPRA Logo
CPRA
CSA Solution Provider SaaS Logo
CSA Solution Provider SaaS
CSA STAR Level 1 Logo
CSA STAR Level 1
CSA Trusted Cloud Provider Logo
CSA Trusted Cloud Provider
DORA Logo
DORA
GDPR Logo
GDPR
HIPAA Logo
HIPAA
ISO/IEC 27001:2022 Logo
ISO/IEC 27001:2022
PIPEDA Logo
PIPEDA
SOC 2 Logo
SOC 2
SOC 3 Logo
SOC 3

Rewind is trusted by over 25,000 organizations across the globe

Rightworks-company-logoRightworks
Stanley 1913-company-logoStanley 1913
Olaplex-company-logoOlaplex
Moomin-company-logoMoomin
Dr. Martens-company-logoDr. Martens

Documents

REPORTSSOC 2 Type 2 Report
REPORTSSOC 3 Report
REPORTSSecurity Whitepaper
REPORTSPentest Report
DOCUMENTSCustomer Data FAQ
LEGALCyber Insurance (Letter of Assurance)
POLICIESInformation Security Policies (Summaries)
REPORTSNetwork Diagram
COMPLIANCEISO/IEC 27001:2022

Product Security

Audit Logging
Data Security
Integrations
View more

Reports

Network Diagram
Pentest Report
Security Whitepaper
View more

Self-Assessments

CAIQ

Data Security

Access Monitoring
Backups
Data Erasure & Retention
View more

App Security

Responsible Disclosure
Application Penetration Testing
Code Analysis
View more

Legal

Subprocessors
Cyber Insurance (Letter of Assurance)
Data Processing Agreement
View more

Data Privacy

Cookies
Data Breach Notifications
Data Into System
View more

Access Control

Audit Log
Data Access
Device Lock
View more

Infrastructure

Status Monitoring
Amazon Web Services
BC/DR
View more

Endpoint Security

Disk Encryption
Endpoint Detection & Response
Mobile Device Management
View more

Network Security

Firewall
IDS/IPS
Virtual Private Cloud

Corporate Security

Asset Management Practices
Employee Training
HR Security
View more

Policies

Acceptable Use Policy
Access Control Policy
Asset Management Policy
View more

Security Grades

Qualys SSL Labs
Rewind Application
A+
Security Headers
Rewind Application
A+

Incident Response

Designated Response Personnel
Incident Reporting Process
Pager Service

Risk Management

Data Access/Impact Levels
Risk Assessments
Supply Chain Risk Management
View more

Asset Management

Asset Classification
Asset Inventories (Hardware/Software)
Asset Tracking
View more

BC/DR

Alternate Processing/Storage Site
Business Continuity Plan (BCP)
Contingency Plan Testing/Lessons Learned
View more

Training

Employee Privacy Training
Phishing Training
Role-Based Training
View more

Change Management

Change Management Program
Change Restrictions
Changes Notification & Verification

Physical & Environment

Access Monitoring
Alarms & Surveillance
Delivery & Loading Zones
View more

Continuous Monitoring

Alert Monitoring & Response
Automated Compliance Monitoring
Event & Audit Log Management
View more
Knowledge Base (FAQ)
  • Does Rewind have a network diagram to share with customers?
  • Does Rewind have a SOC 2 report?
View more
Rewind's Security Portal Updates

Rewind's ISO 27001:2022 Certificate is now available to download

Copy link
Compliance
We’re pleased to share that Rewind is now ISO/IEC 27001:2022 certified. Our certificate dated June 11, 2025 is available to view or download on the Rewind Trust Center.

Rewind's SOC 2 & SOC 3 Report is now available to download

Copy link
Compliance
Rewind has completed its latest audit for SOC 2 compliance. The newly released SOC 2 Type 2 report, dated May 15, 2025, covers the 12-month monitoring period ending on March 31, 2025. Documentation, including our SOC 3 report, is now available in Rewind's Trust Center.
Rewind has just completed our latest audit for SOC 2 compliance! This new SOC 2 Type 2 report dated June 6 2024, is for the 12-month monitoring period ending in March 31 2024. Documentation, including our SOC 3 report, is now available in our Trust Center.

Update to the Rewind DPA

Copy link
General
This is an automatic notification to inform you of important updates to Rewind’s Data Processing Agreement (DPA), effective May 10, 2025. As part of our ongoing commitment to transparency, compliance, and the security of your data, we’ve made the following changes:
  1. Inclusion of CCPA-Specific Provisions We’ve added language to address the California Consumer Privacy Act (CCPA) and its amendments under the CPRA, aligning with service provider obligations.
  2. Revised Security Annex Updates reflect current security practices, including enhanced descriptions of encryption, incident response, and audit procedures.
You can view the most recent version of Rewind’s DPA, posted on April 10, 2025 — check it out here. If you have questions about privacy or data protection, contact us at privacy@rewind.com. For all other inquiries, please submit a request help@rewind.com. Thank you for choosing Rewind.
Rewind conducts regular reviews of Rewind’s DPA to ensure it continues to meet our Customer’s requirements. We are notifying you that as part of this recent review, our DPA has been updated to reflect changes in data protection laws, to incorporate feedback from our Customer’s and to address minor grammatical spelling and punctuation issues. As per Section 10.3.1 of our DPA, the revised version will become effective 30 days after it is posted. The updates and modifications to this DPA do not materially decrease the overall security and data protection provided by Rewind to our Customers. Please take some time to review the DPA, available at https://rewind.com/legal/dpa/. If you have any questions about the updates to this DPA, please contact us at privacy@rewind.com.

Rewind Sub-Processor List Update

Copy link
Subprocessors
At Rewind, we are committed to transparency in how we manage your data. We have recently updated our Subprocessor List to reflect changes in the third-party services we use to support our products and operations. Key Updates: ✅ New subprocessor categories for improved clarity, including Infrastructure & Security, General Operations, Employment, and Platform-Specific Subprocessors. ✅ Removal of Intercom as a subprocessor and the addition of Ada, FullStory, Microsoft Clarity, and Appcues. ✅ Enhanced descriptions of each subprocessor’s role and data usage to ensure compliance with GDPR, CCPA, and other regulations. You can review the updated list here: https://rewind.com/legal/sub-processors/. If you have any questions or concerns, feel free to reach out to us at privacy@rewind.io. Thank you for your trust in Rewind!
Rewind has recently updated our sub-processor list. Please visit https://rewind.com/legal/sub-processors/ to review any changes.
Rewind has recently updated our sub-processor list. Please visit https://rewind.com/legal/sub-processors/ to review any changes.
Rewind has recently updated our sub-processor list. Please visit https://rewind.com/legal/sub-processors/ to review any changes.
If you think you may have discovered a vulnerability, please send us a note.
Report issue