Customer Data And Security
We run our services to ensure maximum uptime while focusing on the security of any customer data.
Infrastructure
Conholdate's customer facing services are delivered via Amazon Web Services (AWS), the largest and leading provider of cloud infrastructure. Millions of customers in hundreds of countries, including government agencies, educational institutions and non-profits trust AWS every day with their infrastructure and data.
Using an industry standard like Amazon helps guarantee the security and resilience of our services. Amazon has attained a number of certifications that affirm that they have stringent, working internal controls.
Physical Security
Amazon safeguards the physical security of their servers. Servers are located in non-descript facilities, and critical facilities have extensive setback and military grade perimeter control. Access to data centers requires two-factor authentication at three points.
Server and Data Security
Host operating systems are kept secure by internal processes and procedures. Guest operating systems are entirely controlled by Conholdate. Amazon administrators do not have access to them. By default, inbound firewall rules deny all traffic to host servers.
Backups and Disaster Recovery
All critical and production systems are backed up nightly using full system snapshots. Backups are tested periodically.
All backups are encrypted, securely transmitted and stored within the Amazon S3 storage service which allows for data to be stored on no less than three physically independent devices for security and resilience.
All access is logged and tracked for auditing purposes.
Maintaining Privacy
Account passwords are encrypted and filtered out from all application and system logs. Passwords are not visible to anyone.
Sign out of your Conholdate account to prevent someone from using your computer to access your account without your authorization. Keep your user name and password secure and do not disclose it to any third-party. In case a third-party gains unauthorized access to your account due to any act or omission on your part, you are solely responsible for any loss caused.
Credit Card Safety
Conholdate does not retain any credit card information provided by you. When we charge your credit card, such information is transferred directly to, and processed by, our payment gateway.
To protect user information, Conholdate's payment gateway uses the latest 256-bit Secure Socket Layer (SSL) technology for secure transactions. The payment gateway is certified as compliant with card association security initiatives including Payment Card Industry (PCI) and Cardholder Information Security Program (CISP) standards for data protection.
GDPR Compliance
Conholdate is GDPR compliant, read our GDPR policy here, we also maintain a list of the Subprocessors we use on this page.
File Retention Policy
Conholdate products run on customer's own machines, infrastructure and network and do not send any files back to Conholdate for processing and therefore does not have access to them.
The one exception to this is where a customer has access to a Conholdate Metered License. These licenses report usage information to our servers for billing purposes. The reported data only includes usage information, no other statistical information can be derived from this reported information.
From time to time a customer may send documents to the Conholdate support team via the forums for the purpose of diagnosis of technical issues or feature requests. These files are maintained only as long as necessary to complete the required task and the customer can ask for these files to be removed at any time.
If the customer marks a thread as private none of these files are accessible to any person other than the customer and select Conholdate staff.
Service Monitoring and Reporting
Each core Conholdate system as well as several non-essential systems are monitored to ensure they are always contactable and functional.
We offer a public service status portal which lists historical downtime incidents and resolution notices. This provides real-time information in the event of any service disruption.
Uptime monitoring is accomplished using an externally hosted platform which notifies a company wide alerting system when any monitored services have issues.
We provide real-time status alerts of any system status changes, these can be subscribed to via RSS, ATOM or email.
More questions about Security?
You can read more in our EULA and Privacy Policy. If you have a question, concern, or comment about Conholdate's security that's not covered here? Email Us or Ask on the support forums.