Keeping your data and our services secure is our top priority. The confidentiality, integrity and availability of your data are extremely important both to your business and to GravaMetrics. We use multiple safeguards to protect your data, and we constantly monitor and improve our products and services to help protect it.
To identify and mitigate threats, GravaMetrics monitors data from various sources and alerts from internal systems. The current status of GravaMetrics, as well as a historical chart, is available here.
At GravaMetrics we use Scaleway as our hosting provider. Scaleway is a secure, scalable cloud provider; for more information on its security policies, see here.
All data is backed up on both daily and weekly schedules. Backups are not transported off site, but are stored in Scaleway's Object Storage, which is a highly reliable object storage system. Backups are stored in a different data center to ensure that they can be recovered in case of loss of the primary data center.
Connections to GravaMetrics services are secured using Secure Sockets Layer/Transport Layer Security (SSL/TLS), with strong encryption and authentication (TLS 1.3 AES_128_GCM), to ensure that your users have a secure connection from their browsers to our services. Certificates are generated using Let's Encrypt (API) and Cloudflare (front end). All connections, both internal and external, are secured using SSL.
Users access GravaMetrics using an email address and password, both of which are set by the user. Accounts can be additionally secured using two-factor authentication, which is enabled from the user's profile page. Passwords are salted and hashed and NOT encrypted. Data and dashboards can be shared with groups or specific users, allowing full control over what a user can see and use. By default, data and dashboards are only accessible to the user that creates them. The application also maintains an event log, capturing items such as authentication, failed login attempts, and asset creation, deletion, and modification. Network-level firewalls prevent unauthorized traffic from reaching servers in the data center.