This article talks about Convictional security, including access control, policies, data use and other compliance considerations.
Convictional is committed to the security of our customers and services. If you have any questions, please email our compliance contact by emailing: email@example.com.
Updated: August 20, 2019
HTTPS & Data Transit
Access to all Convictional services is encrypted in transit using SSL. This includes the admin application, requests and responses from our API, our help and API documentation, our website and our communications. Many Convictional services are not exposed to the internet at all. When we connect with third-party services on your behalf, we always force encrypted connections with API endpoints.
We attempt to follow security best practice with respect to sensitive credentials and access. We provide the minimum viable access to staff accessing sensitive system data. Our database credentials and other sensitive access credentials are stored within a key management system (KMS). The KMS means that no one outside of two trusted security officers within the company are able to access sensitive credentials, including Convictional employees. All our internal services use Google IAP to protect access to backend services not exposed to the internet. We require 2-factor authentication to be used on Google and other sensitive user accounts. Our most senior team members also use security keys for advanced protection.
Logging & Monitoring
We attempt to log all state changes that occur both within and among the systems that Convictional integrates with. This is an ongoing effort and requires continuously adapting as new services are built and deployed. As an integration service provider, understanding what is happening when many millions of records are in motion on a daily basis is core to our business. We use the full suite of logging, monitoring, profiling and other tools provided by Google Cloud in order to ensure availability and observability. We have 16/7 on call coverage at this point, with the goal of moving to 24/7 in the next six months to a year.
We provide a publicly visible status page that is updated on a regular basis in the event of an indident with our services. The most typical case is when a configuration change brings a service offline temporarily (such as a DNS disruption or other similar case). We will keep that page up to date with the nature of the issue, the impact on customer access and data (where relevant) and the timeline for resolution of the issue. Many of our competitors focus primarily on up-time as a proxy for service availability. We combine uptime with a more qualitative assessment of whether or not services are performing as expected. Because our business deals in data from third-parties, we can never gaurantee that uptime means constant state or expected behavior. We have extensive validation in place to ensure expected behavior, however. In the event that your data were to be impacted, you will be notified ASAP using your account email.
Convictional services are built on top of Google Cloud Platform. Here is a link to a microsite where you can learn more about the security of Google Cloud. We also connect with third-party payment gateways like Stripe to store sensitive payment information and we retain only the ability to change your customers on your behalf but not their (or your) payment information. We connect to third-party commerce platforms like Shopify to do work on behalf of customers. All our backend services, with the exception of public facing APIs (by definition) are not exposed to the internet and protected behind VPC access control.
Our database is backed up on a rolling basis four times a day with offsite redundant backups. The database itself is encrypted at rest, meaning that even if someone was able to breach our cloud services provider, the data would require authentication from the KMS in order to be decrypted. No production data is retained on development machines. We will never sell or allow third-parties access to your data. Every action we perform is logged and accessible. No one here can see what your password is and it is stored encrypted.
We store the following consumer personally identifyable information so that sellers can ship orders:
Postal or zip code
Region, province or state
Our customers can choose to delete archived orders, which removes all PII listed above from our system permanently. We do not store the following: consumer email address, phone number, IP address or any other consumer PII. We do not intend to, and would notify customers if this were to change.
Support cannot access sensitive business documents in your system and your approval is required to connect to your commerce platform or manage documents in your account. This creates a bit more friction for us when we provide you support but the trade off is that none of us know what is happening in your account unless you approve access. Anyone with the ability to gain this access is trained for compliance.
We will investigate all security issues that are reported. Please email us: firstname.lastname@example.org. We will respond as soon as we can. We request that you not disclose the issue until we are able to respond.
We are open to awarding researchers or users who help to identify security issues in our application. If we take an action as a result of your disclosure, we will compensate you according to the severity of the disclosure and the time it took to complete. Please provide relevant details when notifying us.