Is my data safe?

Yes. Your data is encrypted at rest with LUKS and in transit with SSL.

Is your service GDPR compliant?

Yes.

How do you ensure that your company keeps up with all data protection laws and the necessary staff are trained?

We have a dedicated data protection officer and are GDPR compliant.

What is your data retention policy?

You are able to execute a GDPR-compliant delete, which will remove every trace of your customer or tester details including your user test videos from our system, permanently.

How is the data destroyed?

We perform a GDPR-compliant removal of all customer-related data.

Have you ever in the past had any security breaches, and/or customer data enter the public domain?

No.

Do you support privacy shields?

We don’t support privacy shield anymore as it has been declared invalid by the EU.

Where is my data stored?

All user data except video recordings of testers is stored on servers within Europe in our datacenter in Frankfurt. Video recordings of testers are stored on a worldwide CDN to ensure the best performance. 

ISO27001 Compliance

We don't currently comply with ISO27001 or have a SOC II Type II certificate and working on compliance for these requirements isn't currently on our roadmap.

What is your data retention policy? 

You are able to execute a GDPR-compliant delete, which will remove every trace of your customer or tester details including your user test videos from our system, permanently.

Do you maintain up-to-date technical data of your products/services?

Yes.

Do you advise customers when your products/services are updated? If so, how?

Yes. Through in-app notifications, newsletter, knowledge base, and the blog.

Do you operate a supplier assessment system?

No.

How, where, and how frequently is our data backed up?

Our database and Webserver multiple times per day through a data center in the EU.

At what point(s) is our data unencrypted? 

Database and Webserver at rest.

Who has access to our data?

Only you and our service administrators.

Is our data transferred between different locations at any point. If so, how and where?

Database and data on a Web server aren't transferred between different locations. Videos are, after a period of time, transferred from global CDN  to a video archive server in the EU (Frankfurt).

What safeguards are in place for data transference?

Industry-standard encryption.

Is all network traffic between servers and clients encrypted?  

Yes.

Are you reliant on any cloud platforms or other major infrastructure suppliers? If so, who?

Yes, on Amazon AWS, DigitalOcean.

Are there any single points of failure to your service? If so, what are they?

No.

Are passwords hashed and salted at all times within your system?

Yes.