See how Carrot can transform companies.

SECURITY & privacy

Safe and secure,
every step of the way

Request a demo
People under umbrellas
Compliance and certifications
Carrot Care Team

SOC 2 Type II

Carrot Care Team

HIPAA

Carrot Care Team

GDPR

Carrot Care Team

CCPA

Security

Secure by design

Admin paperwork
Cloud security
The Carrot application is hosted on Microsoft Azure, a top-tier cloud provider that undergoes extensive audits in technical and physical security.
Networked planet
Secure software development
Carrot adheres to a rigorous and secure Software Development Lifecycle (SDLC) to ensure only safe and stable updates are shipped to our application.
Care Nav expert team
Penetration testing
Carrot undergoes annual penetration testing from a third-party auditor and continuously scans our application and system for vulnerabilities.
A computer and a mobile phone
Encryption
All data is encrypted in transit (TLS 1.2) and at rest (AES-256).
Carrot card
Access controls
Carrot systems are designed to abide by the principals of Deny by Default, Least Privilege, Need-To-Know, and Unique Identification.
Carrot card
Single sign-on (SSO)
Employers can connect their SAML identity provider (e.g., Okta, G Suite, OneLogin) to ensure seamless and secure authentication.
Privacy

Frequently asked questions

How does Carrot ensure data privacy for employees?
Carrot strictly adheres to regulatory frameworks including HIPAA, GDPR, and CCPA to ensure data privacy for our members.
What data does
Carrot collect from employees?
Data collected from employees is limited to the data necessary to provide our service.
What does Carrot do with data it collects?
Carrot uses collected data to conduct necessary business and optimize the experience of our members.
Does Carrot share data with third parties?
Carrot shares data with third parties only to the extent necessary to conduct our business. Carrot does not share employee data with employers, except when limited, de-identified data must be shared to process taxes and payroll. Carrot does not sell or rent employee data to outside parties.
Read our Privacy Policy

Report an issue

To report any security or privacy issue, please send a message to security@get-carrot.com.