Our Data Policy
Our policy is very simple, you (the user) own and manage your data. We do not store or receive any processed data in our central servers (excluding metadata). In addition, we do not (and will not) sell data, metadata, aggregated data or any other user data or information. Our revenue model is based on providing premium services, not by selling data.
What data do we store?
- User logins and repositories (user passwords are hashed/salted)
- Database connection information. Database passwords are encrypted and can only be decrypted by the remote agents encryption key.
- Other data integration information such as jobs, schedules, and transforms
What we do not store?
- Encryption keys. These are stored with the locally installed remote agent.
- Processed data. Data processing occurs between the remote agent and the data sources only.
Data isolation achieved by using firewalls and networks (and in some scenarios "air gaps") to create barriers between the data storage platform and unwanted users. The Integration Hub does not require data to be moved from these isolated areas.
Local Network IsolationWhen the database is stored on the local network (but not available on the internet), a remote agent is installed on the local network which will perform the data processing remotely.
Strict IsolationWhen the database is on a highly secured network, which does not have outbound access to the central server, a development platform should be created outside this area to allow building and testing of data jobs. The tested jobs can be exported and run in isolation on the secured network.
Publishing Isolated DataWhen data is restricted to a local network, however there is a requirement to publish this outside the network, the Integration Hub provides an optional proxy server to allow this.
- End User - All data between the user, and the web server or the remote agent and encrypted via SSL security certificates. The Information Hub uses "Let's Encrypt" to automatically generate SSL certificates. If the connection has been explicitly set to not use encryption a warning will be displayed next to the remote agent.
- Remote Agent - The remote agent - database communication may or may not be encrypted depending on the features of the database being connected to. Best practices are to configure databases to encrypt data, or to ensure the remote agent/database connections are on a secured network.
- Encrypting Data - Data encrypted by the information hub uses a composite encryption system where one part of the key is stored centrally and attached to each hub, and the other part of the key is stored with the remote agent. This ensures that if either the central web store or the remote agent are compromised the encrypted data will still be safe.
Column Encryption - Individual columns can be encrypted by specifying the security flag on the column
provides the following options:
Fast Encrypt - Performs a 5 iteration, salted encryption.
Slow Encrypt - Performs a 1000 iteration, salted encryption.
Hash - Securely hashes/salts the field.
- Password Encryption - Passwords which are used to authenticate database connections are stored centrally with a slow/salted encryption. When exporting or migrating hubs, only the encrypted values are exported.
- Variable Encryption - Variables which have the "Encrypt" option specified are stored centrally with a slow/salted salted encryption. When exporting or migrating hubs, only the encrypted values are available.