Below we have outlined security controls we put in place to protect customer data and the security of the application.
- We use two-factor authentication on all our servers and online services.
- Production environment and variables are only accessible to 2 senior developers in our organisation.
- Separation of the website and processing service. The website you sign up to doesn't have access to any of the client data we process and is completely separated from email event processing, which is done via Google App Engine and Datastore. For example, if the website was compromised, the attacker would not be able to access any of the email info/events we have processed on your behalf.
- Code deployment is tested and reviewed by senior developers before being deployed.
Server-Side Encryption at Rest:
Firestore in Datastore mode automatically encrypts all data before it is written to disk. The data is automatically and transparently decrypted when read by an authorised user. More info here.
Data Retention:
- If you are using basic events, we clear these out every 30 days.
- If you are using the enhanced version (with Subject line), we store this for 365 days. (This is because SendGrid only stores it for 30 days. If someone clicks or opens an email after that date, we can still attach the extra info as we have stored it on our end.)