Client Data Security within Conceptsauce systems

Some definitions

· CS Conceptsauce in all its forms and staff.

· Respondent A person (paid or otherwise) who is asked to interact with a CS hosted survey.

· Client Data When we say client data, we refer to the data collected by CS from a respondent during their interaction with a survey.

· Account Data Account Data refers to profile, login and other associated data used to provide the service to our customers.

· Client Assets Those assets, typically graphical, supplied by a client for inclusion and display within a CS hosted survey.

· Backend The various servers and cloud services that host the CS code and provide the survey service.

Physical Access

All CS systems are hosted in secure data centers meeting the ISO 27001 standards.

Backend

· CS maintain two live clusters, one running Kubernetes and one on Docker Swarm. Both are hosted by leading cloud providers Azure and Digital Ocean respectively.

· Access to each cluster is via encrypted connections and VPN and is restricted to senior technical staff only.

· Database access is further restricted to staff with an operational need.

· Both clusters are firewalled with only essential services being exposed. This is limited to API endpoints only.

Client Data

· Client Data is always moved around the net using HTTPS and / or secure websockets (which run on top of the basic HTTPS connection). This effectively mitigates any possible man-in-the-middle attacks.

· Within the CS backend Client Data is either MongoDB or Kafka.

· Client Data is provided via our secure API.

· CS can also provide a data extract CSV file. This is provided via a secure OneDrive folder upon request.

· Client Data is retained per agreement for a given project.

· Client Data is backed up every 12 hours.

Account Data

· Account Data is held on MongoDB and Kafka, neither is ever exposed outside the cluster firewalls.

· Access to the Data is on an operational need basis only.

· Account Data is backup up every 12 hours.