Data Security & Privacy
We take security absolutely serious.
Your e-commerce brand's data is priceless. We know from experience the absolute importance of protecting it. So, we implement industry best practices.
Our Data Security Processes
We implement industry best practices.
Password Policy
Every password is a minimum of 12 characters with 1 (or more) digits, 1 (or more) symbol, 1 (or more) upper case letter, and 1 (or more) lower case letter.
Cloud Best Practices
We store data in Amazon Web Services (AWS) - generally S3 and RDS instances - following all recommended encryption and security standards.
Data In-Transit
All data in transit is encrypted via Transport Layer Security (TLS).
Data At-Rest
All data at rest is protected with server-side encryption (e.g., S3 bucket encryption).
Application Credentials
Application credentials are rotated every seven (7) days using Amazon Secrets Manager.
Identity & Access Management
AWS IAM roles and policies are used to enforce "least privileges access" and "zero trust" policies.
Virtual Private Cloud (VPC)
All data is processed within an AWS VPC providing secured and monitored connections, screened traffic, and restricted instance access.
Certificate Management
We use AWS Certificate Manager (ACM) to securely and automatically manage the entire certificate life-cycle.
Key Management
We use AWS Key Management Service (KMS) to securely and automatically manage our encryption keys.
Monitoring & Auditing
We use AWS CloudTrail and CloudWatch to monitor and audit our entire data protection infrastructure.
FAQs
Frequently Asked Questions
Do you have a privacy policy?
Yes, you can access it here.
How long do you store data?
Your data is stored so long as you're a customer of symphonie. If you close your account, all your data is purged within 24-hours.
Do you store Personally Identifying Information (PII)?
If you choose to use certain components of our platform, we may by necessity store PII. For example, our integration between Amazon Vendor Central and your 3PL that enables automated management of Purchase Orders (POs) may by necessity include PII.
All PII is protected using industry best practices.
Do you only use AWS?
Today we primarily use AWS for all our cloud-based infrastructure. For specialized use cases, we may use Google Cloud as an alternative to AWS. When we do so, we use the equivalent Google Cloud security best practices and technology.
What technologies manage your infrastructure?
We use Terraform to implement an Infrastructure as Code (IaC) environment. This enables us to efficiently, quickly and scalably manage all our infrastructure (e.g., KMS, ACM, S3, RDS) with minimal risk of human error.
In short, IaC enables us to implement and maintain industry best practices for data security by minimizing manual steps.
Have questions?
Feel free to contact us using the form below.
We're here to help!