Customer Data Protection FAQ

How and where is customer data stored and protected?

Customer data is treated with the highest level of security. See below for how we protect customer data and end user privacy.

How Is Customer Data Stored?

Customer activity, call and meeting data is stored in a fully managed cloud database. PII is not stored alongside customer activity, call or meeting data but is tokenized with a generated unique customer id and application id, which are assigned by the Produce8 application upon customer signup.

Customer information such as workspace memberships, account data, email preferences, goals, etc. is stored in a segregated data store that is not collocated with activity data but can be related to activity data at run time through API access.

The DB is replicated across multiple availability zones (data centres) within a single region. Each availability zone is a fully segregated data centre, and data is replicated in real time across both availability zones so that, in the event of a data centre outage, the backup zone can be used with no downtime to end users.

How Is Customer Data Backed Up?

All data sources are backed up daily and backups are stored on a rotating 30-day schedule. Backups are stored in an encrypted data bucket which is automatically backed up and stored in multiple Availability Zones for high availability. Data can be restored from any of the daily backups on demand.

Where Is Customer Data Stored?

Customer Data is stored in AWS in the US-West-2 Region (Oregon).

Produce8 stores data in both relational and non-relational data stores which are fully managed.

No customer data records are ever exported outside of the AWS VPC as part of normal business operations or application functionality.

How is Customer Data Protected?

Data Collection and Personally Identifiable Information (PII)

  • Firstly, we strive to collect only the smallest amount of data required for the purposes of our application functionality.
  • We don’t collect PII other than name, email address and timezone.
  • All payment information is stored in a PCI-compliant third-party payment gateway.

For more information on what data is collected and stored see What Data Does Produce8 Collect?

Data Management

  • Customer data is transmitted over an encrypted SSL channel to our backend API and is then transmitted via encrypted data ingestion to our analytics DB.
  • Data is tokenized, so no user data is transmitted alongside activities; instead, activities are correlated to a user via an anonymous system user id.
  • Data is linked to a user profile via the application, on demand, as part of an API request.

Data Access

  • Users are allowed to access their own data and the data which has been shared with them in their account, in accordance with our application’s policies.
  • Users are identified using a signed token with a short lifespan and automatic renewal.
  • Data is stored in a multi-tenant database and all requests are segregated to the accountID of the user making the request, as identified by their token.
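
The token check and account scoping described in the Data Access list above, as an added example (not Produce8's code). It assumes an HMAC-SHA256 signed token and a 5-minute lifetime; the key, function names and sample rows are constructed for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-key"  # assumption: HMAC key, loaded from a secrets store in practice
TTL_SECONDS = 300                 # assumption: "short lifespan" taken as 5 minutes

# Constructed sample rows in one shared (multi-tenant) table.
ACTIVITY = [
    {"account_id": "acct-1", "user_id": "u-17", "event": "meeting"},
    {"account_id": "acct-1", "user_id": "u-18", "event": "call"},
    {"account_id": "acct-2", "user_id": "u-90", "event": "call"},
]

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode()

def issue_token(user_id, account_id, now=None):
    """Return 'payload.signature' carrying the account id and an expiry."""
    now = time.time() if now is None else now
    claims = {"sub": user_id, "acct": account_id, "exp": now + TTL_SECONDS}
    payload = json.dumps(claims).encode()
    sig = hmac.new(SECRET, payload, hashlib.sha256).digest()
    return f"{_b64(payload)}.{_b64(sig)}"

def verify_token(token, now=None):
    """Return the claims, or raise PermissionError if malformed, forged or expired."""
    now = time.time() if now is None else now
    try:
        p64, s64 = token.split(".")
        payload = base64.urlsafe_b64decode(p64)
        sig = base64.urlsafe_b64decode(s64)
    except ValueError as exc:  # wrong part count or bad base64
        raise PermissionError("malformed token") from exc
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise PermissionError("bad signature")
    claims = json.loads(payload)  # parsed only after the signature checks out
    if claims["exp"] <= now:
        raise PermissionError("token expired")
    return claims

def list_activity(token, requested_account=None, now=None):
    """Filter by the token's account; a client-supplied id is never trusted."""
    claims = verify_token(token, now)
    if requested_account is not None and requested_account != claims["acct"]:
        raise PermissionError("cross-tenant request")
    return [row for row in ACTIVITY if row["account_id"] == claims["acct"]]
```

The tenant filter is taken from the verified claims, so a request parameter naming another account is rejected rather than used in the query.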

Protection & Monitoring

  • All requests to our customer data APIs are restricted via a Web Application Firewall and common attack patterns are automatically blocked.
  • All requests and all transactions are logged, and logs are continuously monitored for threats with real-time alerting to our on-call support engineers.
  • Third-party threat detection and compliance tools are used to ensure best practices are in place.

Data Encryption

  • Customer data is encrypted in transit and at rest using Symmetric Key Encryption.

Data Retention

  • Data is retained for 1 year before being automatically removed from our databases.
  • Account data can be completely purged at any time by submitting a request to the customer success team.