Security and Privacy

Data Security

Customer account information is encrypted in transit and stored in a secure data center hosted by GCP.

• Prodoscore uses encrypted connection protocols including HTTPS, SSL, and TLS
• Mutual authentication is provided by a combination of digital certificate and per-instance shared key creation during deployment utilizing Google Cloud Key Management System (Cloud KMS)

Data Storage

Prodoscore uses multiple layers of encryption to protect customer data in the GCP.

• Cloud data is stored using AES-256 encryption
• Data is automatically encrypted before being written to cloud storage
• Every piece of data (i.e. application activity metrics, scores, and activity logs) is organized into discrete blocks that are then encrypted

Data Privacy

Prodoscore does not view private information collected within your account – that data is yours. We only access customer data upon request from an authorized administrator for your account.

• Client information stored in the cloud is encrypted at rest with our organizational keys – Prodoscore employees do not have access to this information unless temporarily granted by the customer for troubleshooting
• User access is highly restricted and must be approved by an organizational admin designated by you

Data Recovery, Retention, and Protection

Customers have control of their own data. Active accounts have the ability to determine which specific data elements are to be retained and can be exported via numerous methods in compliance with Right to Data Portability (GDPR, Article 20).

The platform is architected with several layers of security across a distributed, reliable infrastructure. All Prodoscore data is stored in a secure data warehouse managed and secured by GCP.

• Servers are hosted in a SOC2 type 2 compliant datacenter, across multiple availability zones/regions
• Google’s physical infrastructure has been accredited under ISO 27001, SOC 1/SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley