SplitMetrics Product Suite is built on DigitalOcean Platform’s compliance (https://www.digitalocean.com/security/compliance/) and AWS Platform’s compliance (https://aws.amazon.com/compliance) with leading standards for privacy and information security, including recurring re-examination by independent auditors.
All servers that run SplitMetrics software in production are recent, continuously patched Linux systems.
Our web servers use the strongest grade of HTTPS security (TLS 1.2). All user data is transported securely, as all traffic is encrypted in transit via SSL. Our SSL certificates are 2048-bit RSA, signed with SHA256. We use encryption methods when your data is being transferred.
Communication between servers takes place over the private network.
We implemented the following measures: authentication procedures, logging of authentication attempts and aborting the logon process after a specific number of unsuccessful attempts, regularly updated antivirus and spyware filters.
Each employee has personal and individual login credentials when logging on to the system. We have special requirements for setting and using passwords in our company.
We use SSH keys, an authorization concept, and logging of access and abuse attempts.
Access to the infrastructure as well as data is provided on a “need to know” basis to minimize access to your data.
We transfer your personal data only via encrypted data networks or VPN.
We use measures which reduce direct references to you during processing.
All system activities are logged, and these logs are kept for at least three years.
We apply protocol evaluation systems. We also use checksums and digital signatures.
We monitor a variety of communication channels as well as internal indicators for security incidents, and our security personnel will react to known incidents.
We use encryption methods when your data is being transferred. You can check our currently supported ciphers here: https://www.ssllabs.com/ssltest/analyze.html?d=splitmetrics.com
Personal data are stored and processed separately from each other according to the nature and purpose of the personal data.
We have implemented measures which protect your personal data from malfunctioning of the system. Personal data cannot be corrupted or otherwise changed.
Personnel meet the company’s guidelines regarding confidentiality, business ethics, appropriate usage, and professional standards.
Personnel execute a confidentiality agreement. They also meet the additional requirements appropriate to their role (e.g., criminal background check and extended probation period).
We continuously raise awareness among our employees of key GDPR requirements and conduct regular training to ensure that employees remain aware of their responsibilities with regard to the protection of personal data and the identification of personal data breaches as soon as possible.