Security at conDati
We work to exceed industry standards when it comes to protecting your data. Our solutions have been built from the ground up with best practices for data access, security, and integrity.
|Data encryption in transit and at rest|
|SAML-based SSO or Open ID Connect|
|Access log management|
|24/7 network monitoring|
|Tiered platform to protect from internet-based attacks|
Security Practices at conDati
Last updated: August 22, 2018
conDati takes the security of your data seriously. We strive to stay current with or ahead of industry best practices with respect to confidentiality, application security, and availability, and the summary of our approaches in those areas is described below.
conDati is committed to ensuring that client data is not seen by anyone who does not have access authority. We place the strictest controls over our employees’ access to the data you and your users make available via our service, as more specifically defined in your Terms of Service agreement with conDati.
Internal Security Council
conDati maintains an internal Security Council to review both technical practices and business requirements. The Council meets regularly to review and improve our practices, examine our operating environments, and oversee the security-related tasks performed and/or features implemented by the conDati engineering security team.
All conDati employees and contract personnel are bound to and obligated in writing to our policies regarding use of client campaign performance data (hereinafter referred to as “client data”), and we treat these issues as matters of the highest importance. Each employee receives a security background check prior to hire, and when employees or contractors terminate their relationships with conDati, their access to conDati systems and client data is immediately suspended.
conDati employs a global cyber-security and risk mitigation firm to conduct code-assisted penetration testing on our product stack. Code-assisted means that we give the firm our source code in order to help them in their attempts to gain access to our product. In our first ever test of this kind we delivered strong results; meaning that no critical or high severity issues were uncovered and that attackers were unsuccessful to gain unauthorized access to the application or any associated infrastructure. Once access was granted via user credentials, it was impossible to gain access elsewhere due to the siloed design of our product architecture and security first approach to building products. A copy of our latest penetration report is available to our customers upon request.
Each of our customers has their own dedicated and isolated environment running the conDati Marketing Analytics product stack. conDati’s data warehousing architecture is based on Snowflake’s single-tenant data warehouse. Data from all of conDati’s clients is kept in individually protected source locations. This approach prevents “data leakage” between any application or storage instances.
No Use of Personally Identifiable Information
The conDati service does not collect, store, use, or analyze any personally-identifiable information (PII), such as the names, emails, phone numbers, or any other individual information about your prospects and customers, again as described in your Terms of Service Agreement with conDati. We ask that you do not provide us with access to any PII data, and we will delete any such data from our systems should it be encountered.
conDati services support the latest recommended secure cipher suites and protocols to encrypt all data traffic in transit. Client data is also encrypted at rest.
Single Sign On
conDati products can integrate with a variety of single-sign-on providers. Teams can enable Google Apps for Domains as their authentication provider, and teams can also enable SAML 2.0 SSO or Open ID Connect with providers such as OneLogin, Okta, Centrify, and Ping Identity.
Need-to-Know Data Access
The operation of conDati services occasionally requires that designated employees have access to the systems that store and process client data. Examples of the need for this kind of designated access include resolution of technical issues, configuration of data APIs from your source systems to conDati’s services, and application of conDati’s machine learning algorithms to your data for purposes of creating specific visualizations on your behalf. All employees are prohibited from using these permissions to view client data unless it is necessary to do so for development, engineering or problem resolution purposes. We maintain technical controls and review in-place policies to ensure that any and all access to client data is logged and validated.
Access to Source Systems
The nature of conDati’s services requires that you provide us with access authority and credentials to your source systems. These credentials are used only for the purposes of onboarding your data to the conDati service, and then preserving real-time access for our analytical services regarding your systems. The only conDati employees who have access to them are the data onboarding team, and they are kept under the tightest access control and access logging that we can provide. conDati assumes no other obligation with respect to the security of the data that comes from these systems, and you should ensure that your security practices remain in place at all times. Security practices by the vendors of these systems can be found at their respective websites, including Google, Adobe and Facebook, et al.
When you grant us credentials to your source data systems, you give us permission for read-only access: Your data can never be modified by conDati.
conDati always uses HTTPS, rather than HTTP, for our own systems and applications. We cannot control protocols used by other vendors, but when accessing your data in other systems, conDati will always use HTTPS if it is available.
The data warehouse that contains client data is operated provided by Snowflake, Inc., which maintains multiple security certifications for their conDati-related services and practices. For more information about their certifications and compliance, please visit the Snowflake Data Warehouse Security pages.
conDati services are hosted by Amazon Web Services, which maintains multiple certifications for their data centers, including ISO 27001 compliance, PCI Certification, and SOC reports. For more information about their certifications and compliance, please visit the AWS Security website and the AWS Compliance website.
Availability and Disaster Recovery
We understand that you rely on conDati services to work. We’re committed to making conDati a highly-available service on which you can depend. Our infrastructure runs on AWS systems that are fault tolerant, including failures of individual servers or even entire data centers, to ensure availability. Client data and our source code are automatically backed up nightly. The conDati operations team is alerted in the event of any failure with this system. Backups are fully tested at least every 90 days to confirm that our processes and tools function as expected.
Firewalls are configured according to industry best practices and unnecessary ports are blocked by configuration with AWS Security Groups.
conDati maintains system logging for its production environments which contain information pertaining to security, monitoring, availability, access, and other specifics of conDati services. conDati maintains detailed access logs for all our services. We log every time an account signs in, noting the IP address of the connection. These logs are reviewed for suspicious security events and are consistently overseen by the security team.
Deletion of Access to Client Data
You may revoke conDati’s credentials to your source data systems at any time, either permanently or temporarily. conDati also provides the option for clients to request the deletion of client data at any time during a subscription term. Within 24 hours of authorized initiated deletion, conDati hard deletes all information from currently-running production systems. conDati services backups will then be destroyed within 14 days. These actions may be taken with or without cause or explanation, but they do not relieve you of your obligations under your Terms of Service agreement with conDati.
Application Security by Design
All new conDati features, functionality, and design changes go through security review during the design process that is facilitated by the security team. In addition, our code is manually peer-reviewed prior to deployment to production status.
Incident Management and Response
In the event of a security breach, conDati will promptly notify you of any unauthorized access to client data. conDati maintains the email address firstname.lastname@example.org for all security-related inquiries.
A Serious Security Commitment
We take security seriously at conDati, because every person and marketing team using our service expects their data to be secure and confidential. Protecting this data is a critical responsibility we have to our clients, and we work hard to maintain that trust.
AWS Standard Technology Partner
The environments that host conDati services maintain multiple certifications for their data centers, including ISO 27001 compliance, PCI Certification, and SOC reports. For more information about their certifications and compliance, please visit the AWS Security website, AWS Compliance website, and Snowflake Data Warehouse Security pages.