Security

We at EasyInsights take the security of your information very seriously. One of our most important duties is to protect your data. We firmly believe in being open and honest in all aspects of our business, including our security procedures, to ensure that you, our customer, are aware of our ideology and level of commitment.

Certificates and Regulations

The GDPR compliance of customers is supported by EasyInsights. EasyInsights does not have to adhere to PCI DSS regulations because it uses outside service providers to process credit cards.

We do not store the data that you load using our data integrations indefinitely. Your data never enters a backup at any point.

We cache data for the amount of time required to serve you efficiently. Data is almost always stored in short-lived encrypted caches.

Your data is always strongly encrypted while it is on our systems, travelling between the data source and us, or from us to you.

Contact [email protected] if you have any questions or comments.

Customers' Data Protection

In general, the data handled is associated with spend monitoring. The majority of the data will be about spend, clicks, impressions ,sign-ups, and other similar things.

In rare cases, there may be a use case for importing fields that contain a customer ID number or other personal data. However, PII data isn't the most important type of data handled by the EasyInsights service.

Strong Transport Layer Security (TLS 1.2) encryption is used for all data transfers between the customer's service and the various services

The virtual private cloud logically separates the data belonging to each customer.

Environmental & Physical Safeguards

We are committed to ensuring that your information is secure. To EasyInsights processes your data using leading cloud providers. Our preferred providers are Google Cloud Platform, Digital Ocean and Amazon Web Services, all of them have excellent compliance and regulatory audits such as SOC 1/2-3, PCI-DSS, and ISO27001.

Google Cloud Platform, Digital Ocean and Amazon Web Services certification documents are available directly from Google, Digital Ocean and Amazon.

Solution Infrastructure

We use hardened and customised server images, bastion hosts, various types of firewalls, and multi-factor authentication, among other industry best practises. As a "data privacy first" organisation, we adhere to regular standards for least privilege enforcement, monitoring, and review of our IAM (identity and access management) policies and security roles.

We conduct annual third-party security audits of our application and systems. The reports of these tests may be obtained from us under NDA.

Code Deployment

EasyInsights' development organisation adheres to a rigorous development process in which security is integrated throughout the various development phases.

All changes to production-ready source code are subject to code review by a qualified engineering peer, which includes security and performance analysis.

Before updating production services, all contributors to the updated software version must confirm that their changes are working as expected in the staging environment.

There is an automated flow for third-party software used in development that ensures potential vulnerabilities are identified and remediated.

Company Policies

EasyInsights requires all employees to follow security policies that protect all customer information and address multiple security compliance standards, rules, and regulations. We ensure that all employees are immediately trained on our security policies and that this training is repeated at least annually.

Administrative access to systems requires two-factor authentication, VPNs, and strong password controls. All of these policies are regularly reviewed. EasyInsights has various change management and peer review practises in place within our software development life cycle to ensure best practises are followed.