Security Overview
Security and compliance are top priorities for Datch because they are fundamental to your experience with the product. Datch is committed to securing your organization’s data, eliminating system vulnerabilities, and ensuring continuity of access. Datchuses a variety of industry-standard technologies and services to secure your data from unauthorized access, disclosure, use, and loss.
Infrastructure
Data Centers
Our application is hosted and managed within Google Cloud Platform (GCP) secure data centers. These data centers have been accredited under:
- ISO 9001:2015
- ISO/IEC 27001
- ISO/IEC 27017
- ISO/IEC 27018
- ISO/IEC 27110
- ISO/IEC 27701
- SOC 1
- SOC 2
- SOC 3
We make extensive use of the capabilities and services provided by GCP to increase privacy and control network access throughout our system. Documents that provide more details about GCP security are available at Google Security Whitepaper.
Data Storage
Datch data stores are accessible only by servers that require access, and our data stores cannot be accessed publicly. Access keys are stored separately from our source code repository and only available to the systems that require them. All data is encrypted at rest.
Backups
We maintain encrypted backups for at least one month, and we can restore data to any exact point-in-time within the past month if needed. We perform daily backups. We do not retroactively remove deleted data from backups as we may need to restore it, if removed accidentally.
Safeguards
Vulnerability Scans and Penetration Testing
Datch uses security tools to regularly scan for vulnerabilities. Additionally, vulnerabilities in third-party libraries and tools are monitored and software is patched or updated promptly when new issues are reported. The system regularly undergoes third-party security reviews and penetration testing to identify potential vulnerabilities and ensure that they are addressed.
Firewalls
Our data servers are protected by firewalls and not directly exposed to the Internet.
Employee Screening and Confidentiality
We take reasonable steps to ensure the reliability, confidentiality, and integrity of our employees and other personnel having access to sensitive data, including the conducting of appropriate background and/or verification checks. All Datch employees sign confidentiality agreements.
Encryption
All Datch web traffic is encrypted-in-transit and served over HTTPS. We force HTTPS for all web resources, including our REST API, web app, and public website. Our primary databases, including backups, are fully encrypted-at-rest. Our archives and logs are also fully encrypted at rest. We use industry standard encryption algorithms with a minimum strength of AES-256.
Authentication and Privacy
Passwords
Passwords are never stored in a form that can be retrieved. Instead, we store an irreversible cryptographic hash using a function specifically designed for this purpose. Authentication sessions are invalidated when users change key information and sessions automatically expire after a period of inactivity.
Secure Single Sign On
Datch supports multiple secure single sign on (SSO) standards, including SAML 2 and OpenID Connect. Leveraging SSO enables customers to control user access to Datch as well as utilize multi-factor authentication.
User Roles
We provide multiple user roles with different permissions levels within the product. Roles vary from account admins to users. In critical systems we practice the principle of least privilege.
Reliability and Compliance
Policies
Datch has developed a comprehensive set of security policies that cover a range of topics. These policies are updated regularly and shared with our employees. Please see our Product Privacy Statement to learn more.
SOC 2
Datch is working through the process of becoming SOC 2, Type 2 certified and uses automated industry-leading and industry-trusted tools to alert us immediately when we fall out of compliance. Our staff and product are going through rigorous security screening to ensure the security and confidentiality of user data.
Data Privacy Compliance
Datch is committed to complying with applicable laws and industry regulations relating to the personal information and data we process, gather, and use in the provision of our services. In general, we process personal information and data as a data processor (and service provider) on behalf of our clients to support our services and enhance your experience on our platforms. In doing so, we follow the written instructions of our clients and strive to enter into processing and service provider agreements with our clients to protect your information and honor your disclosure and deletion rights under applicable local, state, federal, and international privacy laws. See our Product Privacy Statement to learn more.
Availability and Disaster Recovery
Datch is built with fault tolerance capability and is highly-available. Our core services are fully redundant with replication, failover, and backups. Services are distributed across multipleGCP availability zones. These zones are hosted in physically separate data centers, protecting services against single data center failures.
Incident Response
Datch maintains an incident response plan that includes procedures to be followed in the event of an unauthorized disclosure of data or other security incident.