Sustainability
Sustainability at Truecaller Double materiality assessment Environment Social Governance ESG Reporting and Disclosures ESG Ratings Information Security and Privacy

Information security

At Truecaller we have an unwavering emphasis on being at the forefront of data security. This is evidenced by the ongoing development of our data management processes to ensure that they are both robust and effective. Our agile organizational structure promotes this development and allows us to quickly adapt to new changes in the area of information security.

As a globally recognized platform for verification of contacts and blocking of unwanted calls, we have a major responsibility when handling user data. Our service is built on trust – trust that we maintain by implementing comprehensive security measures to protect all user data that we are entrusted with processing. These measures are designed to protect the data from unauthorized access, use, dissemination and destruction.

https://www.truecaller.com/information-security-policy-statement

Cybersecurity

At Truecaller we take cybersecurity very seriously and make every effort to protect our company’s assets, employees and user data, while also constantly being at the forefront of leveraging new technology. Our comprehensive cybersecurity program guarantees that our systems and data are protected. Our security measures rely on several levels of security – from advanced firewalls, infringement prevention systems, fundamental security principles and encryption methods, as well as rigorous authentication processes. We also constantly monitor our network, applications, systems and user interfaces.

Our security management involves the use of a comprehensive information security management system (ISMS) to ensure that we are focused on and prioritizing our efforts where it counts.

Our ISMS is based on a set of principles and best practices, which are constantly reviewed and updated to align with industry standards such as ISO 27001, NIST Cybersecurity Framework and SANS CITS Critical Security Controls.

The ISMS system is designed to identify, evaluate and prevent potential risks, while our management structure is responsible for overseeing the systems and ensuring that they are aligned with applicable standards, regulations, privacy provisions and customer expectations.

Data Privacy

Truecaller is obliged to comply with many regulations regarding data security in the markets where we have a presence. We must also carefully monitor developments in data protection in these markets to ensure that we can be proactive in introducing best practices and be ready to follow them. We allocate substantial resources in order to take the steps necessary to ensure compliance. The Privacy Center on our website, truecaller.com/privacy/ privacy-center, is kept updated and we have a robust framework of policies:

• Data Breach Response Policy

• IT Security Training Policy

• Access Control Policy and Access Management Policy

• Encryption Policy

• Information Security Policy

• Group Data Governance Policy

• Data Storage Policy

Privacy management

Truecaller believes that a clear management structure for personal privacy and data protection provides a solid foundation for an open and trusting relationship with our users and a culture within Truecaller that is distinguished by integrity. To ensure continuous compliance with applicable laws, Truecaller has created its own governance model. Truecaller’s model includes a dedicated data protection unit with specific areas of responsibility and assignments to manage the implementation and maintenance of the compliance program for integrity and data protection within the organization.

To firmly establish the management structure, Truecaller appointed “Privacy Champions” within each team to develop protection measures, support the compliance program and ensure that all departments and units take responsibility for protecting personal data.

These Privacy Champions offer support, for example to maintain processing activity logs and personal data assistance.

See in-depth descriptions and comments in our ESG Reports and Disclosures section and our privacy centre webpage .