Access Control Policy: Justuno – Access Control Policy
All data is stored on our dedicated infrastructure at OVH across multiple continents. Each client's data is tagged with a unique code representing their account.
Only specific Justuno employees, on a need-to-know basis, have access to client data.
Servers are isolated from the public internet using OVH advanced firewalls, and security groups are defined for strict control and limitation over access. SSH access is granted to specific servers only to key employees using private key authentication. We do not allow password-based logins on any servers. Only necessary ports are open to specific security groups. More information regarding OVH's own security policies can be found here.
Production database access is restricted to key Justuno employees who require access. The database is isolated internally and protected using multiple layers of security, including a dedicated VLAN and secure authorization best practices. Systems are routinely monitored for performance and security.
Production exceptions are tracked and reported via an internal notification system that notifies our on-call engineering team immediately in the event of an error. All exceptions are logged and monitored using multiple open source and in-house developed systems. Our monitoring covers system-level and application-level events and notifies us when there are any inconsistencies or unexpected spikes/dips, etc. Examples of monitored events include clients' daily form submissions, engagements, impressions, conversions, portal updates, database logged errors, performance or latency of different services, etc.
Application and system logs are aggregated and retained on servers. Logs are propagated to our notification / health service for monitoring and alerting purposes.
Security updates are monitored daily and servers are patched as soon as an update is reported by our systems / ops engineers.
Databases are replicated for redundancy across their data center, and data centers as a whole are replicated to other data centers located on other continents. For backups we a) perform database snapshots, b) replicate to a data warehouse multiple times per day, and c) perform full server backups including database backups. These backup files are encrypted and stored on our own dedicated systems, also located within our infrastructure.
Client data is retained for the life of the client's "active" account. Once an account has been canceled, all of its data, other than its anonymous data normalized into an aggregated form, will be deleted within 30 days. Clients may request more immediate destruction of their data at any time via their account settings page or by emailing firstname.lastname@example.org
* An "active" account is defined as an account that has not been canceled within the Justuno portal. Paused accounts and accounts whose app has been uninstalled from the website are not canceled automatically.
This document was last updated May 10, 2018