Security
Written by Jerre
Updated over a week ago

We have developed a security strategy that focuses on emerging trends in the cybersecurity field and common threats that impact businesses in the technology sector. Below are some common questions and concerns when it comes to security. If you have an additional question, feel free to email us at [email protected].


Protecting Customer Data

Encryption

Snitcher supports TLS v1.3 encryption to protect communications between customer web applications and Snitcher systems. All data received from customers is encrypted at rest using 256-bit AES. We highly recommend that customers configure webhooks using TLS v1.2 or later.


Employee access

We restrict the number of personnel with access to information systems containing sensitive data. Customer data is only accessible by those who need to access it for their work, e.g., responding to a customer support case or resolving a technical issue requiring engineering input.


Data retention

Data is deleted from our systems using automated policy-based expiration periods once data has met the retention schedule. We also perform data removals through manual delete operations to fulfill ad-hoc requests (e.g., privacy requests).

Internal practices

We have internal security and privacy policies in place to support our staff with dos and don’ts of handling customer data. These policies are built in accordance with international standards.

Cloud and Network Architecture

Datacenters

We use Amazon Web Services (AWS) and DigitalOcean data centers located in Europe (Frankfurt, Germany, and Amsterdam, the Netherlands).

The AWS cloud infrastructure has been designed and managed in compliance with regulations, standards, and best practices, including SOC 2, ISO 27001, FedRAMP, GDPR, CCPA, and PCI DSS Level 1.

To learn more about the security standards and frameworks that our AWS cloud data centers comply with, please visit: https://aws.amazon.com/compliance/programs/

DigitalOcean data centers also maintain compliance with various security standards and best practices, including SOC 2, ISO 27001, GDPR, and CCPA.

To learn more about the security compliance of DigitalOcean data centers, please visit: https://www.digitalocean.com/security

Our application is designed with redundancy for network and power failover protection. In the event of component failure, a redundant counterpart is available to handle the load, ensuring our systems remain available.

Physical and Environmental Protection

Physical access controls are in place to safeguard employees and protect systems that access, store, transmit, or process user information. They include electronic access doors, video surveillance, security guards, visitor access controls, and security zones.

Data center equipment is protected from environmental threats by automatic fire detection and suppression equipment, climate control that prevents overheating and reduces the possibility of service outages, water leakage detection and removal, and uninterruptible power supply (UPS) units that provide backup power in the event of an electrical failure.

Monitoring

We implement various mechanisms and are constantly improving the monitoring of our networks, servers, and applications. We monitor errors, availability, system behavior, load, and other resource usage.

Incident Reporting

If you have any questions about Snitcher’s security program or if you need to escalate a security concern, please contact us at [email protected].

If you need a printed version of this information, use the 'print' and 'save as PDF' options from your web browser.
