Effective as of October 12, 2018.
Stravito cloud services (Stravito Cloud) are hosted and delivered by Amazon Web Services (AWS). Amazon is responsible for the security of its actual data centers and the AWS cloud. Stravito is responsible for monitoring, managing and securing the Stravito Cloud.
AWS manages the data centers that host the Stravito Cloud. For more information about security at those data centers, see here.
Stravito Cloud data is hosted in Ireland.
Amazon Web Services manages the security of the cloud. AWS has been certified by third-party organizations, and manages many compliance programs to comply with laws and regulations. A list of such certifications and compliance statements can be found here.
AWS has a public SOC 3 report on Security, Availability & Confidentiality (pdf)
Within Stravito, only a few trusted members of our Cloud Team have access to the production environment for the purposes of maintaining our cloud services and assisting our customers. Additionally, we monitor all access to Stravito Cloud.
Customers are responsible for maintaining the security of their own login information.
Each customer’s data is isolated from all other customer data (single tenant). Stravito does not offer any products or features which combine, integrate, or otherwise access data between one customer and another.
In the Stravito Cloud, data at rest is encrypted following industry standards. Additionally, all communications with the Stravito Cloud are protected with HTTPS using TLS and within the Cloud with VPN network connections.
Data is retained indefinitely while you are our customer. In case you leave our service all data will be removed.
Customer data is backed up once a day, and is encrypted following industry standards. Backup lifetime is three months.
Stravito Cloud services are tested regularly by external parties. If findings occur they will be solved immediately.
Stravito’s Cloud team has a disaster recovery process in place and it is tested on a regular basis.
Stravito understands the importance of ensuring the privacy of your personally identifiable information and being legally compliant to privacy laws and regulations. For more information, please see our Privacy Notice.