full_square_customcolor_customcolor (1)

Security and Privacy Policy

Updated: 2 May 2022

The privacy of your data is very important to us. This document explains how your data is stored, where it is stored and whether it is stored securely.

Security

Infrastructure

Customer Data is stored and processed in data centres with appropriate physical, technological, and administrative controls enacted to ensure appropriate access of Customer Data.

Data Encryption

Data is encrypted over the wire via 256-bit (SHA2) TLS certificate, TLS 1.0, 1.1 and 1.2. Database is encrypted via AES256. File attachments are also encrypted via AES256.

Data Backups and Disaster recovery

Data is backed up on an hourly basis. Since the data in the database is encrypted, backups are encrypted as well. Backup files and server logs are copied to a secure disaster recovery facility where they are kept for 6 months before being permanently deleted. We do not use any type of removable media for backup storage, all backup files are stored on secure servers.

Personnel Access

A small team of operations personnel have administrative access to the infrastructure where databases are hosted. Additionally, Data Relic developers occasionally require read-only access to the database metadata to troubleshoot problems. The support personnel do not have access to customer databases unless they are invited or authorized by a customer.

All Data Relic personnel sign confidentiality agreements before gaining access to the code and data. Data Relic personnel are trained and made aware of security concerns and best practices. Remote access to servers is established via company VPN and limited to the personnel who need access for their day-to-day work. All access events are logged for all accounts by IP address.

Incident Response

Once Data Relic becomes aware of any suspected or confirmed data breach, Data Relic will notify all affected customers via e-mail within 72 hours.

Privacy

Personally identifiable information

When a user registers a new account with Data Relic, the system asks for first and last name, e-mail address, password, locale, and time zone information. Your name helps to personalize your experience and your E-mail address is used as a unique user identifier and for communication with the user. Locale and time zone information is used by the system to present numbers and dates in an appropriate format.

Due to various data integrity constraints, user accounts cannot be deleted, but it can be cleared from any personally identifiable information upon written request.

Sharing personally identifiable information

We will never pass your personal information to third parties, and we will not use your name in marketing statements without your permission. However, your name and e-mail address may be copied into and securely stored in other systems owned by Data Relic

Cookies

Data Relic uses cookies for authentication, keeping certain user preferences and tracking user movements around the site. No cookies, however, contain personally identifiable information.

Law enforcement

Data Relic will not hand your data over to law enforcement unless requested by a court order. We will reject data requests from local and national law enforcement without a court order. And, unless we are legally prevented from it, we will always inform you when we receive such requests.

Data retention/deletion

Customers are responsible for understanding and implementing their data retention and deletion requirements related to the data they uploaded to the database. Customers may delete their data at any time and primary instances of their data in production systems will be erased immediately, however, since backups are kept for 6 months, it may take up to 6 months for their data to be completely purged from our backup systems after been deleted from the app.

Deleted Records

Deleted records are moved to the database’s Recycle Bin, where it is stored for 30 days and then purged automatically. The database administrator can purge records from the Recycle Bin manually at any time.

Expired databases

A database is considered ‘expired’ when either its trial period ends, or a database subscription is cancelled. Data Relic blocks access to expired databases. Expired paid databases are securely kept in locked stage until being deleted by a database owner or administrator. Expired trial databases are deleted automatically within 90 days after expiration. Database administrators are provided with all the means to delete a database at any time, before or after its expiration.

Deleted Databases

Databases that are deleted by their owners or administrators will disappear from the reach of users immediately and will be physically deleted from the global database within 30 days.

Backups

All types of data deleted from online databases (from individual records to whole databases) will reside in system backups for 6 months. It will not be restored back to production systems, except for in certain rare instances such as the need to recover from a natural disaster or serious security breach. In such cases, some of the deleted data instances may be restored from backups, but Data Relic will immediately take all necessary steps to honour the initial request to delete and erase the primary instance of the data again.

Miscellaneous

Intellectual Property

The database structure and workflow configuration of customer databases are considered by Data Relic as the intellectual property of Data Relic. The database data of customers is the intellectual property of the customers which Data Relic protects and will never share with other customers.