Daasity Data Security Overview

This page outlines Daasity's security policies and procedures.

Daasity Security Overview

The Daasity Platform is a data platform for consumer brands that need to Extract, Load, Transform and Visualize their data.

We enable merchants to become data-driven organizations by helping them implement ELTVO. Daasity is the only data platform built specifically for brands. Brands have the flexibility to use Daasity for one component of their analytics stack, or all of it.

Daasity processes and stores end-user data on behalf of its customers

Infrastructure

The Daasity platform is hosted on the Amazon Web Services (β€˜AWS’) Infrastructure as a Service (IaaS) platform and Snowflake Data warehouse PaaS.

Daasity uses the AWS resources located in the US West (Oregon, us-west-2) region.

The components which make up the Daasity System are made available across different AWS Availability Zones to ensure redundancy at every tier of the Daasity Platform.

Daasity uses Reserved and On-Demand instances for all its compute requirements.

Ownership and Management of the hardware are within Amazon’s span of control as an IaaS provider. Daasity will use commercially reasonable efforts to make each Service available with an uptime of 99.8% of each calendar month ("Target Availability").

Security and Encryption At Daasity

Keeping our Customers' Data secure is a critical component of the Daasity infrastructure and Daasity policies and procedures. We go through considerable lengths to ensure that all Data sent to Daasity is handled securely - keeping Daasity secure is fundamental to the nature of our business.

At Daasity we follow a number of best practices that improve our security posture.

Security & Encryption Procedures & Policies

  • We have functioning, frequently used automation in place so that we can safely and reliably rollout changes to both our application and operating platform within minutes. We typically deploy up to multiple times a week, so we have high confidence that we can get a security fix out quickly when required.

  • All data sent to Daasity is encrypted in transit. Our API and application endpoints are TLS/SSL only and score an "A+" rating on SSL Labs' tests - meaning that we only use strong cipher suites and have features such as HSTS and Perfect Forward Secrecy fully enabled. We encrypt data at rest.

  • We regularly engage with well-regarded third-party auditors to audit our code-base and infrastructure, and work with them to resolve potential issues.

  • We use technologies such as Datadog, PaperTrail and AWS Cloudtrail to provide an audit trail over our infrastructure and the Daasity application. Auditing allows us to do ad-hoc security analysis, track changes made to our setup and audit access to every layer of our stack.

  • We use two-factor authentication whenever possible. We ask vendors to enforce two factor authentication in all their accounts.

  • We also encourage the use of two-factor authentication logins for our application to our merchants, so as to protect their user accounts.

  • We discourage the use of shared accounts on any system – when we have the option to support multiple user accounts.

  • Daasity uses 1Password to securely store and share logins. We review which accounts can access our systems and the permissions they have regularly.

  • We have a documented incident response plan and educate all staff on security procedures and policies.

Extract and Load Process

Replicating Data from our Customers’ Data Sources and loading them into a database is a core component of the Daasity platform. To ensure data is secure, the Daasity platform extracts and loads data as follows:

  1. Data is replicated from the source system (API or Database Replication) by connecting via TLS/SSL (API) or SSH (Database if available) to the source system

  2. Data is extracted and temporarily stored as encrypted files in the Daasity AWS S3 bucket. The Daasity AWS account is in a private VPC, which is NOT publicly accessible.

  3. Data is loaded into the merchant database (Snowflake if using the Daasity database) via a TLS/SSL connection.

  4. Data is available for up to seven (7) days to ensure the data is loaded properly. Once the data is loaded, it is removed from the Daasity AWS bucket.

Transformation Daasity

Transformation Code is stored in Github in a Private Repository that can only be accessed by Daasity employees who are required to have two-factor authentication enabled.

The transformation code is referenced from the private repository and then executed on the customer database.

All Transformation operations are performed via Secure Connections within the Daasity platform.

Selected Daasity employees can connect directly to the database but can only retrieve keys to login into the customer database by utilizing the Daasity platform which requires two-factor authentication and connecting via SSH.

Customers that utilize the Daasity Snowflake instance are required to access the database via secure connection. Customers that provide their own database may enable their own security protocols, however Daasity highly recommends customers implement two-factor authentication and SSH to access the database.

Visualization

Daasity restricts the ability of a Visualization tool to access a database via IP address permissions and secure connections. Daasity managed Visualization instances will have two-factor authentication required for users to sign into the visualization platform. Specific roles are created to restrict access to the database.

Customers that manage their own visualization instance may implement their own security protocols; however Daasity recommends that customers utilize two-factor authentication and restrict user access where appropriate.

Privacy

Information on the Daasity Privacy Policy, the EU-U.S. Data Privacy Framework (EU - U.S. DPF) and the UK Extension to the EU-U.S. DPF, the Data Processing Addendum and Subprocessor List can all be found in our Daasity Privacy Policy

Daasity does NOT need to be PCI compliant because we do NOT store Credit Card or Debit Card Information

Daasity Data Retention Policy

All Merchant Data stored in the Daasity Database is available throughout the term of the contract. Once the contract has been terminated, the data may be available for up to 30 days for the merchant to download the data.

The merchant may request data to be deleted at any time during the 30 days.

However, once 30 days have expired from contract termination, the data is deleted from the Daasity platform.

Last updated