About: This article discusses data privacy, security, and protection measures for Bridge.
Introduction
Rapid Insight does not take the security and privacy of your data lightly. Here are our security and privacy standards for Bridge. For additional information about security and privacy, please contact ri-support@eab.com.
Authentication
Bridge uses a token-based authentication system provided by the industry leader Auth0. With this state-of-the-art system, no user passwords are stored in our database.
Data Transmission
All communications between the client (your browser) and our servers are encrypted and authenticated using one of the strongest protocols available, TLS 1.2.
We use strong key exchange (ECDHE_RSA with P-256) and a strong cipher (AES_128_GCM).
Our server encryption test receives the best possible A+ rating from Qualys SSL Labs.
Servers
Application Servers
Bridge uses servers hosted by DigitalOcean, the second largest hosting company in the world (after Amazon). These servers are located in New York City, and securely carry out the application services and database tasks. Bridge is fully protected from cross-site request forgeries and SQL injection attacks. Every API endpoint is blocked unless the user is authenticated, and every asset is checked to ensure the authenticated user has correct access rights to retrieve or modify the data. Any failed attempt to access the data without the necessary rights is logged and dealt with accordingly.
The hosting servers cannot be logged into with username/password credentials, and all related server management accounts are protected with strong passwords and multi-factor authentication. The servers and frameworks are kept up to date with the latest security patches.
Backup Servers
All databases are backed up nightly on Amazon S3 servers.
Confidentiality & Privacy
Rapid Insight understands and deeply appreciates the highly sensitive nature of the information you enter into the Bridge platform. We are committed to maintaining the confidentiality and privacy of all such information. We maintain rigid internal controls to ensure that your information is kept confidential and is not disclosed to any unauthorized individuals. No Rapid Insight employees will access your information except as necessary for software usability and support purposes, and only then by authorized personnel on a need-to-know basis and under a strict duty of confidentiality.