Trust Center

Dear Valued Customers,

We hope this message finds you well. In light of the recent events involving Crowdstrike, we want to assure you that Metadata has not been impacted by these events. Our systems and operations remain secure and fully functional.

At Metadata, your security and trust are our top priorities. We extensively use Crowdstrike for our cybersecurity measures and have conducted a thorough review of our systems and processes in light of recent events. We can confirm that we are not impacted as a result of the Crowdstrike incident. Our team is continually monitoring the situation to ensure the highest levels of security and operational integrity.

We remain vigilant and proactive in our efforts to safeguard your data and ensure the uninterrupted delivery of our services. Please rest assured that we are committed to maintaining the reliability and security you have come to expect from Metadata.

Thank you for your continued trust and support. Should you have any questions or concerns, please do not hesitate to reach out to our customer support team.

Warm regards,

The Metadata Security Team secops@metadata.io

San Francisco, CA – Metadata, the leader in marketing operations automation, today announced the successful completion of an in-depth security assessment conducted by Praetorian, an independent cybersecurity firm. This assessment is part of Metadata's ongoing commitment to ensuring the highest level of security for our platform and our customers' data.

Between June 10 and June 26, 2024, Praetorian conducted a thorough risk-informed security assessment of the Metadata.io platform, focusing on potential vulnerabilities related to Authentication, Cross-tenant Authorization, and Injection attacks. The assessment involved a comprehensive review of people, processes, and technology, including access to source code and Software Composition Analysis (SCA) reports from Snyk.

Praetorian's assessment identified no critical or high-risk issues, demonstrating Metadata's strong security posture. The findings included:

• 1 Medium Risk: Successfully mitigated.
• 2 Low Risks: Successfully mitigated.
• 1 Informational Issue: Risk accepted by Metadata.

Key Strengths Identified:

Secure HTTP Encryption: All backend servers enforce a minimum of TLSv1.2, with no possibility of downgrade attacks, safeguarding against man-in-the-middle attacks.

Cross-site Scripting Protection: Robust measures are in place to sanitize and escape all user inputs, preventing cross-site scripting vulnerabilities. Strong Authentication Controls: Enforced strong password policies and rate limiting to protect against brute force attacks.

Responsive Development Team: Praetorian highlighted the responsiveness and cooperation of Metadata's development team throughout the assessment process.

Following the initial assessment, Metadata implemented necessary remediations and requested a follow-up retest, conducted between August 12 and August 14, 2024. Praetorian confirmed that all identified issues had been appropriately addressed, further solidifying Metadata's security infrastructure.

Metadata remains dedicated to providing a secure environment for all users. The successful remediation of identified risks underscores our commitment to continuous improvement and maintaining customer trust.

Reports may be downloaded at https://trust.metadata.io

For more information, please contact: secops@metadata.io

Metadata, Inc. Achieves ISO/IEC 27001:2022 Certification.

November 13, 2023

San Jose, CA - Metadata, Inc., a leading marketing technology SaaS solution, is proud to announce that it has achieved ISO/IEC 27001:2022 certification, the latest international standard for information security management systems (ISMS).

This certification demonstrates Metadata, Inc.'s ongoing commitment to robust security practices and risk management. By achieving this internationally recognized certification, Metadata, Inc. has demonstrated its commitment to data protection, improving customer trust, and ensuring its systems are resilient against security threats.

The ISO/IEC 27001:2022 standard includes requirements for establishing, implementing, maintaining, and continually improving an ISMS. The standard also includes requirements for the assessment and treatment of information security risks tailored to the needs of the organization.

“Obtaining the ISO/IEC 27001:2022 certification is a significant accomplishment for Metadata, Inc.,” said Raymond Taft, Chief Information Security Officer of Metadata, Inc. “This certification not only validates our ongoing commitment to security and data protection but also provides our customers with an added level of assurance in our capabilities.”

Customers can download the ISO/IEC 27001:2022 certification from the Metadata, Inc. [Trust Center].

For more information about Metadata, Inc. and its commitment to security, please visit www.metadata.io and trust.metadata.io