Prodsight is built on a foundation of proven and secure technologies. Our customers entrust us with their information every day and we take their security seriously.
SAML Single Sign-on (SSO) allows users to authenticate into Prodsight with their Google G-Suite accounts without needing to create a password.
Password and Credential Storage
Prodsight enforces a password complexity standard and credentials are stored using a PBKDF2 function (bcrypt).
We have an uptime of 99% or higher and have monitoring and alerts in place to automatically inform us of any incidents or downtime.
Network and application security
Data Hosting and Storage
Prodsight services and data are hosted in Amazon Web Services (AWS) facilities (eu-west-1) in Europe, Ireland and Google Cloud Platform. These providers meet international security standards such as ISO 27001 and SOC 1, 2 and 3.
Virtual Private Cloud
All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from getting to our internal network.
Permissions and Authentication
Access to customer data is limited to authorized employees who require it for their job. Prodsight is served 100% over https. We have 2-factor authentication (2FA), and strong password policies on Bitbucket, Google, AWS to ensure access to cloud services is protected.
Audits and Assessments
Our data centre providers maintain ISO 27001, SOC2 Type II, and many other certifications.
Prodsight conducts comprehensive daily backups, in addition to incremental snapshots to avoid data loss.
Data Privacy and Use
Prodsight maintains compliance with the EU’s General Data Protection Regulation and maintains product features, corporate protocols, and legal documents to help our users and customers comply. Click here to see a full list of our data sub-processors.
All employee and contractor agreements include confidentiality clauses.
Prodsight minimises the use of personally identifiable information (PII) by excluding structured PII such as your customer names, email addresses or phone numbers from being imported into our systems.
Data is never sold and rarely accessed
Your data is your data and will never be sold to third parties. Further, your data is only accessed with permission or in the event of a security or a QA issue.
Data is studied in aggregate
All payments made to Prodsight go through our partner, Stripe. Details about their security setup and PCI compliance can be found at Stripe’s security page.
We hold a cyber insurance policy that protects our business against cybercrime – things like fraud, data theft, social engineering, and data breaches.
If you think you may have found a security vulnerability, please get in touch with our security team at [email protected].