Cloud Security Statement

Stravito cloud services (Stravito Cloud) are hosted and delivered by Amazon Web Services (AWS). Amazon is responsible for the security of its physical data centers and the AWS cloud. Stravito is responsible for monitoring, managing and securing the Stravito Cloud. More information about how Amazon secure AWS can be found here.

Facilities

AWS manages data centers that host the Stravito Cloud. Information about how Amazon maintains security at those data centers can be found here.

Stravito Cloud data is hosted in a region in your close proximity for technical and security reasons.

Certification

Amazon Web Services is responsible for managing security of the cloud service they provide. AWS has been certified by third-party organizations, and manages many compliance programs to comply with laws and regulations. A list of such certifications and compliance statements can be found here.

AWS has a public SOC 3 report on Security, Availability & Confidentiality (pdf) as well as an ISO 27001 certification (PDF).

People and Access

Within Stravito, only a few trusted members of our Cloud Team have access to the production environment for the purposes of maintaining our cloud services and assisting our customers. Additionally, we monitor all access to Stravito Cloud.

Customers are responsible for maintaining the security of their own login information.

Customer Data Separation

Each customer’s data is logically separated from all other customer data. Stravito does not offer any products of features that make your data accessible by other customers.

Data Storage

In the Stravito Cloud, data at rest is encrypted following industry standards. Additionally, all communications with the Stravito Cloud are protected with HTTPS using TLS and within the Cloud with VPN network connections.

Data Retention

Data is retained indefinitely while you are our customer. In case you leave our service all data will be removed.

Backups

Customer data is backed up (at least) once a day, and is encrypted following industry standards. Backup lifetime is 30 days.

Security Tests

Stravito Cloud services are tested regularly by external parties, such as third parties conducting penetration tests.

Disaster Recovery

Stravito’s Cloud team has a disaster recovery process in place and it is tested on a regular basis.

Privacy

Stravito understands the importance of ensuring the privacy of your personally identifiable information and being legally compliant to privacy laws and regulations. For more information, please see our Privacy Notice.