Prodsight is built on a foundation of proven and secure technologies. Our customers entrust us with their information every day and we take their security seriously.

Product security

SSO

SAML Single Sign-on (SSO) allows users to authenticate into Prodsight with their Google G-Suite accounts without needing to create a password.

Password and Credential Storage

Prodsight enforces a password complexity standard and credentials are stored using a PBKDF2 function (bcrypt).

Uptime

We have an uptime of 99% or higher and have monitoring and alerts in place to automatically inform us of any incidents or downtime.

Network and application security

Data Hosting and Storage

Prodsight services and data are hosted in Amazon Web Services (AWS) facilities in Ireland, Europe (eu-west-1) and on Google Cloud Platform. These providers meet international security standards such as ISO 27001 and SOC 1, 2 and 3.

Permissions and Authentication

Access to customer data is limited to authorized employees who require it for their job. Prodsight is served 100% over HTTPS. We have 2-factor authentication (2FA) and strong password policies on Bitbucket, Google and AWS to ensure access to cloud services is protected.

Audits and Assessments

Our data centre providers maintain ISO 27001, SOC2 Type II, and many other certifications.

Backups

Prodsight conducts comprehensive daily backups, in addition to incremental snapshots to avoid data loss.

Data Privacy and Use

GDPR Compliance

Prodsight maintains compliance with the EU’s General Data Protection Regulation and maintains product features, corporate protocols, and legal documents to help our users and customers comply. Click here to see a full list of our data sub-processors.

Confidentiality

All employee and contractor agreements include confidentiality clauses.

Data Minimization

Prodsight minimises the use of personally identifiable information (PII) by excluding structured PII such as your customer names, email addresses or phone numbers from being imported into our systems.

Data is never sold and rarely accessed

Your data is your data and will never be sold to third parties. Further, your data is only accessed with permission or in the event of a security or a QA issue.

Data is studied in aggregate

Data is studied in aggregate to improve our products, security, and knowledge of the market. You can easily opt out of this through a custom Terms of Use.

PCI Obligations

All payments made to Prodsight go through our partner, Stripe. Details about their security setup and PCI compliance can be found at Stripe’s security page.

Security questions?

If you think you may have found a security vulnerability, please get in touch with our security team at [email protected].

Learn more about Prodsight by reading our Terms of Service, Privacy Policy and Cookie Policy.