At RocketVisor, we believe that the cornerstone of trust is security. We work tirelessly to maintain that trust with our world-class systems and processes. As such, we have put in place the following procedures:
RocketVisor is a data processor, as defined by the GDPR. Consequently, RocketVisor is responsible for complying with GDPR regulations that pertain to data processors. RocketVisor has set in place technology and systems necessary to assert compliance with the standards set forth in the GDPR regarding onward transfer of data subject information to a data processor. We are also prepared to support our customers in meeting their GDPR obligations.
- We have appointed a Data Protection Officer (DPO) who has a seat on the company’s Board of Directors.
- We stand prepared to support our customers’ requests for deletion, restriction, and portability of EU data subjects.
- We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to the risks presented.
- We have established breach notification protocols to appropriately notify affected parties within 72 hours of becoming aware of such an incident.
- RocketVisor’s product employs a modern architecture consisting of data encryption in transit and at rest.
Best Practices: Protocols & Policies
Security is not just engineering. It’s maintaining strict procedures and reviews too.
- Full review of major initiatives by RocketVisor Security Council (“RVSC”) for threat assessment and security evaluation
- Quarterly internal audit of systems and processes by RVSC for security vulnerabilities and best practices
- Notification of known breaches to appropriate parties within 24 hours
- RocketVisor complies fully with EU and EEA laws (such as GDPR) regarding transfer of data subject information to a data processor.
Monitoring & Logging
Our operations team constantly monitors the health and security of our servers.
- Daily monitoring of system health and scanning of security vulnerabilities, both manual and automated
- Detailed access logs of every data transfer for monitoring and audit, and automated alerts around anomalous or root access
- Quarterly review of security monitoring procedures by RVSC
Data Transfer & Networking
How our data travels: Encryption. Always.
- Industry-standard SSL-encrypted communication for authentication and data communication with all servers
- Minimal data transfer by optimizing local data storage on customers’ machines
- Virtual Private Cloud configuration creates firewalls around our systems
Data Storage, Access & Protections
Who has access and what they see.
- Our primary data sub-processors maintain industry-leading security standards (where possible, SOC2 and/or ISO 27001 certifications) and undergo periodic vendor reviews.
- We limit access to all systems and data on an as-needed basis
- All employees and contractors undergo strict vetting and are obligated not to disclose any customer data they may come into contact with
- Tight access controls and permissions, quarterly review by RVSC
- Broad system-level permissions hierarchy, and granular data-level authorization tagging built-in
- All customer data stored in an encrypted data warehouse with anonymous key relationships
- All analytic data stored in an encrypted data warehouse without any personally identifiable information
Data Backups & Disaster Recovery
Data loss is not an option.
- Customer data is 100% backed up to online replicas
- Our operations team monitors platform and application behavior for anomaly detection
- All services are configured in automatic scaling groups that scale up to meet peak demand
- We will proactively notify you of any customer-impacting situation
Last Updated on May 14, 2019