Security at conDati
We work to exceed industry standards when it comes to protecting your data. Our solutions have been built from the ground up with best practices for data access, security, and integrity.
|Data encryption in transit and at rest|
|SAML-based SSO or OpenID Connect|
|Access log management|
|24/7 network monitoring|
|Tiered platform to protect from internet-based attacks|
Security Practices at conDati
Last updated: June 12, 2018
conDati takes the security of your data seriously. We strive to stay current with or ahead of industry best practices with respect to confidentiality, application security, and availability, and the summary of our approaches in those areas is described below.
conDati is committed to ensuring that client data is not seen by anyone who does not have access authority. We place the strictest controls over our employees’ access to the data you and your users make available via our service, as more specifically defined in your Terms of Service agreement with conDati.
All conDati employees and contract personnel are bound to and obligated in writing to our policies regarding use of client campaign performance data (hereinafter referred to as “client data”), and we treat these issues as matters of the highest importance. Each employee receives a security background check prior to hire, and when employees or contractors terminate their relationships with conDati, their access to conDati systems and client data is immediately suspended.
No Use of Personally Identifiable Information
The conDati service does not collect, store, use, or analyze any personally-identifiable information (PII), such as the names, emails, phone numbers, or any other individual information about your prospects and customers, again as described in your Terms of Service Agreement with conDati. We ask that you do not provide us with access to any PII data, and we will delete any such data from our systems should it be encountered.
Need-to-Know Data Access
The operation of conDati services occasionally requires that designated employees have access to the systems that store and process client data. Examples of the need for this kind of designated access include resolution of technical issues, configuration of data APIs from your source systems to conDati’s services, and application of conDati’s machine learning algorithms to your data for purposes of creating specific visualizations on your behalf. All employees are prohibited from using these permissions to view client data unless it is necessary to do so for development, engineering or problem resolution purposes. We maintain technical controls and review in-place policies to ensure that any and all access to client data is logged and validated.
Access to Source Systems
The nature of conDati’s services requires that you provide us with access authority and credentials to your source systems. These credentials are used only for the purposes of onboarding your data to the conDati service, and then preserving real-time access for our analytical services regarding your systems. The only conDati employees who have access to them are the data onboarding team, and they are kept under the tightest access control and access logging that we can provide. conDati assumes no other obligation with respect to the security of the data that comes from these systems, and you should ensure that your security practices remain in place at all times. Security practices by the vendors of these systems can be found at their respective websites, including Google, Adobe and Facebook, et al.
When you grant us credentials to your source data systems, you give us permission for read-only access: Your data can never be modified by conDati.
conDati always uses HTTPS, rather than HTTP, for our own systems and applications. We cannot control protocols used by other vendors, but when accessing your data in other systems, conDati will always use HTTPS if it is available.
Internal Security Council
conDati maintains an internal Security Council to review both technical practices and business requirements. The Council meets regularly to review and improve our practices, examine our operating environments, and oversee the security-related tasks performed and/or features implemented by the conDati engineering security team.
Application Security by Design
All new conDati features, functionality, and design changes go through security review during the design process that is facilitated by the security team. In addition, our code is manually peer-reviewed prior to deployment to production status.
conDati’s application architecture is based on Snowflake’s single-tenant data warehouse. This approach prevents “data leakage” between storage instances. Data from all of conDati’s clients is kept in individually protected source locations.
conDati services support the latest recommended secure cipher suites and protocols to encrypt all data traffic in transit. Client data is also encrypted at rest.
The data warehouse that contains client data is operated by Snowflake, Inc., which maintains multiple security certifications for their conDati-related services and practices. For more information about their certifications and compliance, please visit the Snowflake Data Warehouse Security pages.
conDati services are hosted by Amazon Web Services, which maintains multiple certifications for their data centers, including ISO 27001 compliance, PCI Certification, and SOC reports. For more information about their certifications and compliance, please visit the AWS Security website and the AWS Compliance website.
Availability and Disaster Recovery
We understand that you rely on conDati services to work. We’re committed to making conDati a highly-available service on which you can depend. To ensure availability, our infrastructure runs on AWS systems that tolerate faults, including failures of individual servers or even entire data centers. Client data and our source code are automatically backed up nightly. The conDati operations team is alerted in the event of any failure with this system. Backups are fully tested at least every 90 days to confirm that our processes and tools function as expected.
Firewalls are configured according to industry best practices and unnecessary ports are blocked by configuration with AWS Security Groups.
conDati maintains system logs for its production environments; these logs contain information pertaining to security, monitoring, availability, access, and other specifics of conDati services. conDati maintains detailed access logs for all our services. We log every time an account signs in, noting the IP address of the connection. These logs are reviewed for suspicious security events and are consistently overseen by the security team.
Incident Management and Response
In the event of a security breach, conDati will promptly notify you of any unauthorized access to client data. conDati maintains the email address firstname.lastname@example.org for all security-related inquiries.
Single Sign On
conDati products can integrate with a variety of single-sign-on providers. Teams can enable Google Apps for Domains as their authentication provider, and teams can also enable SAML 2.0 SSO or OpenID Connect with providers such as OneLogin, Okta, Centrify, and Ping Identity.
Deletion of Access to Client Data
You may revoke conDati’s credentials to your source data systems at any time, either permanently or temporarily. conDati also provides the option for clients to request the deletion of client data at any time during a subscription term. Within 24 hours of authorized initiated deletion, conDati hard deletes all information from currently-running production systems. conDati services backups will then be destroyed within 14 days. These actions may be taken with or without cause or explanation, but they do not relieve you of your obligations under your Terms of Service agreement with conDati.
A Serious Security Commitment
We take security seriously at conDati, because every person and marketing team using our service expects their data to be secure and confidential. Protecting this data is a critical responsibility we have to our clients, and we work hard to maintain that trust.
Amazon Web Services
The environments that host conDati services maintain multiple certifications for their data centers, including ISO 27001 compliance, PCI Certification, and SOC reports. For more information about their certifications and compliance, please visit the AWS Security website, AWS Compliance website, and Snowflake Data Warehouse Security pages.