With the European Union's General Data Protection Regulation (GDPR) coming into effect on May 25, 2018, we at Site24x7 have been rolling out a number of changes to ensure we meet the guidelines. We're committed to protecting the confidentiality and security of the data our customers share with us. That's why we'd like to share some insight about all the important GDPR-related measures we've put in place to ensure compliance. Please read on for a quick summary of all our GDPR-related updates.
Encryption and storage of personal data
- Customer-centric data such as username, password, email address, mobile number, age, date of birth, address, job title, and credit card details are encrypted and stored in our database using the Advanced Encryption Standard (AES).
- All monitor configurations including hostname, IP address, HTTP access credentials, NTLM credentials, URLs, and third-party service keys are treated as personal data, meaning they are securely encrypted and stored. Similarly, all our monitoring agents protect customer information in an encrypted format, including the End User Monitoring (EUM) agent, the Real Browser Monitoring (RBM) agent, the Windows and Linux server monitoring agent, the On-Premise Poller software, and the APM Insight agents.
Thorough audits and agreements for safeguarding customer data
- We conduct internal audits of our products, processes, and operations to ensure any customer data that's accessed for support and debugging is correctly used. Additionally, our logs are audited to prevent any critical data from being included. We've also configured monitors to check for any sensitive data patterns.
- Users with proper web client access permission can use our Audit Logs feature to view all critical events in the account, including any write actions, timestamp details, user details, and parameter changes.
- We are assessing our sub-processors (third-party SMS and voice providers) and streamlining our contract process with them to ensure they address the pressing needs of the current security and privacy world.
Right to erasure
- Once a customer initiates termination of their Site24x7 account, Site24x7 will retain all of that user's data for 30 days before erasing it completely from our US or EU data centers.
Right to rectify
- Customers with requisite user permissions can manually log in to Site24x7's web client using their valid credentials and correct their inaccurate or incomplete personal data. Additionally, they can update any personal data using our documented RESTful APIs.
Right to data portability
- Data portability is one of the most important rights offered to data subjects by the GDPR. At Site24x7, we allow secure porting of personal data, even when transferring monitoring data from our US data centers to EU data centers, and vice versa.
- Customers can also securely log in to their account and export the sub-users (data subject) list, the monitor metadata, and the reporting data as a CSV file.
Authenticate to receive email, SMS, and phone alerts
- Any Site24x7 customer will start receiving email, SMS, and voice-based alerts and reports only after they've successfully verified their email and phone number.
- Customers can instantly report abuse or opt out of emails concerning monitor status alerts, monitor configurations, and performance reports by accessing the unsubscribe link at the footer of our emails. Additionally, customers can click the opt-out link provided in the verification SMS to unsubscribe from all SMS and voice-based alerts.
We have a privacy-conscious culture at Site24x7 and GDPR is an opportunity for us to strengthen this even further. Hence, we plan to implement GDPR guidelines as our baseline standard for all our operations, worldwide. If you have any questions on GDPR compliance, please reach out to our support team at firstname.lastname@example.org.