
SupplierConnect: Data Security & Confidentiality Protocols

HowGood’s security protocols and confidentiality policies for SupplierConnect, ensuring your product data stays private and secure.

Written by Aine Kmen
Updated this week

At HowGood, we understand that the confidentiality and security of your product and supply chain data are critical not only to your internal operations, but also to maintaining your competitive edge.

Suppliers from around the world confidently share proprietary formulation, sourcing, and LCA data through SupplierConnect, knowing that protecting that information is our highest priority.

This article is an overview of how we keep your data secure and your IP protected.


Enterprise-Grade Data Security Standards

HowGood’s systems are designed with enterprise-level security controls to protect your data at every stage.

  • SOC 2 Type II Certified

    Our platform is audited annually to ensure we meet rigorous standards for security, availability, and confidentiality.

  • ISO/IEC 27001 Certified

    Our information security management system is certified to the ISO 27001 global standard, demonstrating our commitment to secure data handling and risk management.

✅ More information on our InfoSec policies, controls, and requests is available through our Trust Center. You can obtain a copy of our SOC 2 report there.


Data Encryption & Protection

All data transmitted to and from the HowGood platform, and all data stored on it, is encrypted using industry-standard protocols:

  • In Transit: TLS 1.2 or higher

  • At Rest: AES-256 encryption on all stored data

Sensitive information, such as login credentials and proprietary documents, is protected by robust encryption and secure access controls.


Your Proprietary Data Remains Confidential

We know that formulas, sourcing information, and life cycle assessments are often highly sensitive.

Here’s what your customer does and doesn’t see:

  • YES: The final footprint results (e.g., carbon, water, biodiversity)

  • NO: The ingredients, formulations, sourcing details, or LCA files you submitted to generate those results

These underlying inputs are never shared with your customers. They are used exclusively by HowGood’s system to generate impact calculations. Each customer only sees the product footprint results associated with their request and has no visibility into other customers’ data or submissions.


Controlled Access & Monitoring

  • Your team’s account access is protected by strong password requirements, session management, and role-based permissions

  • Platform activity is logged and monitored to detect and respond to unauthorized access

  • Internal HowGood access is scoped using the principle of least privilege


Secure Cloud Infrastructure

HowGood’s platform is hosted on secure AWS cloud infrastructure, which includes:

  • Real-time threat detection and response

  • Redundant backups and disaster recovery protocols

  • Physical data center certifications, including SOC 2 and ISO 27001


Responsible Data Stewardship

We are committed to ethical, transparent, and supplier-first data practices:

  • We do not sell or share your data with third parties

  • We never use your data for cross-supplier benchmarking

  • You retain full control of your data and can request updates or deletions at any time


Need more information regarding our security posture?

If your IT or security team is interested in receiving a copy of our SOC 2 report or our latest penetration test report, they can request these documents directly through our Trust Center at this link.

Our team will review the request and provide information to your team as long as we have a non-disclosure agreement (NDA) in place with your organization.
