Security

DATA CENTER SECURITY

Hosting

SplitMetrics Product Suite is built on DigitalOcean Platform’s compliance (https://www.digitalocean.com/security/compliance/) and AWS Platform’s compliance (https://aws.amazon.com/compliance) with leading standards for privacy and information security, including recurring re-examination by independent auditors.

Web Servers

All servers that run SplitMetrics software in production are recent, continuously patched Linux systems.

Our web servers use the strongest grade of HTTPS security (TLS 1.2). All user data is transported securely, as all traffic is encrypted in transit via SSL. Our SSL certificates are 2048 bit RSA, signed with SHA256. We use encryption methods when your data is being transferred.
Communication between servers takes place over the private network.

ACCESS AND TRANSPORT CONTROL

Logical access control

We implemented the following measures: authentication procedures, logging of authentication attempts and aborting the logon process after a specific number of unsuccessful attempts, regularly updated antivirus and spyware filters.

Employees’ access

Each employee has personal and individual login credentials when logging on to the system. We have special requirements for setting and using passwords in our company.

Access Limitation

We use SSH keys, an authorization concept, and logging of access and abuse attempts.
Access to the infrastructure as well as data is provided on a “need to know” basis to minimize access to your data.

Transport control

We transfer your personal data only via encrypted data networks or VPN.

BUILT-IN SECURITY MEASURES

Depersonalization

We use measures which reduce direct references to you during processing.

Input control

All system activities are logged, and these logs are kept for at least three years.
We apply protocol evaluation systems. We also use checksums and digital signatures.

Incident

We monitor a variety of communication channels as well as internal indicators for security incidents, and our security personnel will react to known incidents.

Encryption

We use encryption methods when your data is being transferred. You can check our currently supported ciphers here: https://www.ssllabs.com/ssltest/analyze.html?d=splitmetrics.com

Separation rule

Personal data are stored and processed separately from each other, based on the nature and purpose of the personal data.

Data integrity

We have implemented measures which protect your personal data from malfunctioning of the system. Personal data cannot be corrupted or otherwise changed.

ORGANIZATIONAL MEASURES

Personnel

Personnel meet the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards.
Personnel execute a confidentiality agreement. They also meet the additional requirements appropriate to their role (e.g., criminal background check and extended probation period).

Awareness and Training

We continuously raise awareness among our employees of key GDPR requirements and conduct regular training to ensure that employees remain aware of their responsibilities with regard to the protection of personal data and the identification of personal data breaches as soon as possible.