Keeping our customers' data protected at all times is our highest priority. This page provides a high-level overview of the security practices we have put in place to achieve that objective. Have questions or feedback? Feel free to reach out to us at firstname.lastname@example.org.
All of our services run in the cloud. We don’t host or run our own routers, load balancers, DNS servers, or physical servers; instead, our service is built on Google Cloud Platform, which provides strong security measures to protect our infrastructure and is compliant with most certifications. You can read more about GCP security practices here: Google Cloud Platform.
Network level security monitoring and protection
Our network security architecture consists of multiple security zones. To make sure no unauthorized access is performed, we monitor and protect our network using:
- A virtual private cloud (VPC), a bastion host or VPN with network access control lists (ACLs) and no public IP addresses.
- A firewall that monitors and controls incoming and outgoing network traffic.
- An Intrusion Detection and/or Prevention (IDS/IPS) solution that monitors and blocks potentially malicious packets.
Encryption in transit: All data sent to or from our infrastructure is encrypted in transit via industry best practices using Transport Layer Security (TLS). We maintain an A+ rating from SSL Labs.
Encryption at rest: All our user data (including passwords) is encrypted using battle-hardened encryption algorithms.
Business continuity and disaster recovery
We back up all of our critical assets and regularly attempt to restore the backup to guarantee a fast recovery in case of disaster. All our backups are encrypted.
Application security monitoring
- We use automation to monitor exceptions and logs and to detect anomalies in our applications.
- We collect and store logs to retain an audit trail of all activity on our applications.
- We use monitoring tools such as open tracing in our microservices.
Dataform is committed to working with security experts across the world to stay up to date with the latest security techniques. If you believe you have found a security vulnerability, we encourage you to let us know right away by contacting email@example.com. We will investigate all legitimate reports and do our best to quickly fix issues.
All user authentication is safely outsourced to Auth0. You can find more information on Auth0 security at auth0.com/security.
We’re compliant with the General Data Protection Regulation (GDPR). The purpose of GDPR is to protect the private information of EU citizens and give them more control over their personal data. Contact us for more details on how we comply with GDPR.
If your data is subject to PCI requirements, please contact us at firstname.lastname@example.org.
If your data is subject to HIPAA requirements, please contact us at email@example.com.
All payment instrument processing is safely outsourced to Stripe, which is certified as a PCI Level 1 Service Provider. We do not collect any payment information and are therefore not subject to PCI obligations.
- Our strict internal procedures prevent any employee or administrator from gaining access to user data. Limited exceptions may be made for the provision of customer support services.
- All our employees sign a Non-Disclosure and Confidentiality Agreement when joining the company to protect our customers' sensitive information.