Cloud Security Statement

Effective as of October 12, 2018.

Overview

Stravito cloud services (Stravito Cloud) are hosted and delivered by Amazon Web Services (AWS). Amazon is responsible for the security of its actual data centers and the AWS cloud. Stravito is responsible for monitoring, managing and securing the Stravito Cloud.

Facilities

AWS manages the data centers that host the Stravito Cloud. For more information about security at those data centers, see here.

Stravito Cloud data is hosted in the Ireland.

Certification

Amazon Web Services manages the security of the cloud. AWS has been certified by third-party organizations, and manages many compliance programs to comply with laws and regulations. A list of such certifications and compliance statements can be found here.

AWS has a public SOC 3 report on Security, Availability & Confidentiality (pdf)

People and Access

Within Stravito, only a few trusted members of our Cloud Team have access to the production environment for the purposes of maintaining our cloud services and assisting our customers. Additionally, we monitor all access to Stravito Cloud.

Customers are responsible for maintaining the security of their own login information.

Customer Data Separation

Each customer’s data is isolated from all other customer data (single tenant). Stravito does not offer any products or features which combine, integrate, or otherwise access data between one customer and another.

Data Storage

In the Stravito Cloud, data at rest is encrypted following industry standards. Additionally, all communications with the Stravito Cloud are protected with HTTPS using TLS and within the Cloud with VPN network connections.

Data Retention

Data is retained indefinitely while you are our customer. In case you leave our service all data will be removed.

Backups

Customer data is backed up once a day, and is encrypted following industry standards. Backup lifetime is three months.

Security Tests

Stravito Cloud services are tested regularly by external parties. If findings occur they will be solved immediately.

Disaster Recovery

Stravito’s Cloud team has a disaster recovery process in place and it is tested on a regular basis.

Privacy

Stravito understands the importance of ensuring the privacy of your personally identifiable information and being legally compliant to privacy laws and regulations. For more information, please see our Privacy Notice.