Security

Dataimporter.io takes security very seriously. We follow best practices when it comes to data security, and only selected employees can access our databases.

Authentication
We offer both Salesforce OAuth 2.0 and email and password authentication. Passwords are hashed and salted. We can never access your plain-text password and will never ask you for your password or for your Salesforce password.

Your OAuth tokens are encrypted and stored in our database for processing your data. You can revoke access to our app at any time by visiting the instances page (https://app.dataimporter.io/instances) and clicking Disconnect next to the instance.

Hosting and Physical Security

Dataimporter.io is hosted on Linode (https://www.linode.com), and our servers are all located in either Frankfurt, Germany or Dallas, TX. You choose which server the data should be hosted on when you sign up for Dataimporter. Linode provides strict and strong security policies, including but not limited to:

- Access to the data center floor is restricted to data center employees and authorized visitors.
- Data Centers are staffed 24/7/365 with security guards and technicians.
- All employees and visitors are identified using biometrics and state-issued IDs before entering the facility.
- HVAC and power have redundant systems, so if one goes out, the others keep our systems powered and within operating temperature.
- All of Linode's systems are segregated from other tenants by locking cabinets. Only datacenter staff assigned to supporting Linode systems have access to the keys.
- Multiple Internet carriers use independent fiber connections to the data center floor.
- Our networks within the data centers have redundant routers, switches, and service providers. Multiple systems can fail without causing downtime or affecting performance.

The Linode data centre in Frankfurt is both ISO/IEC 27001:2013 and PCI DSS compliant.

We have firewalls on our servers, with only the necessary ports open, and only to specific IP Addresses.

All our services are provided via HTTPS. All information is encrypted in transit via TLS. 

Encryption

Dataimporter.io encrypts your data at rest with 256-bit AES. This includes the connection parameters you provide, e.g. Postgres database credentials, Dropbox OAuth tokens, and Salesforce OAuth tokens. We regularly rotate our encryption keys, and only certain staff members have access to the tokens and to your data.

Dataimporter makes API calls to your external systems and to Salesforce to transfer your external data. CSV and Excel files are encrypted and stored for 1 hour so that the upload process can complete, and are then permanently deleted.

Dataimporter.io complies with the European Union's General Data Protection Regulation (GDPR).

Data Storage

We store the following data:

- User data – As part of registration you must provide your first name, last name, email address, company name, and country.
- Data Connection parameters – If you connect to an external data source, e.g. Dropbox, we will store the OAuth token.
- Data Connection metadata – We also store metadata about the external source, e.g. Type, Name etc. This is to provide you with a friendly interface, as well as to assist with debugging / logging.
- Job Run History – We provide the history of which jobs have been run. This is so that you can audit your processed jobs as well as perform functions such as Rollback. The result files are stored for 14 days after the jobs have been processed.

If you want us to delete any of your information that is not deletable via the interface, e.g. Account information or Job History, please contact us at support@dataimporter.io.

Payments

Dataimporter.io uses Stripe (https://www.stripe.com) as our payments provider. Stripe is a PCI Level 1 Service Provider. All requests carrying credit card information are made over HTTPS using TLS. All credit card information is encrypted at rest.

We store the last 4 digits, the expiry, and the brand of the credit card on our servers.

Data Breaches

While we follow industry-recognised standards for data security, nothing is ever 100% secure. In the event of a data breach, we have procedures in place, and will notify you and any regulator of the breach as soon as possible.

Data Processing Addendum

Here you can view the latest version of our DPA. If you would like a signed or amended copy then feel free to email us at support@dataimporter.io with your request and we will get back to you as soon as possible.