Chat Metrics Security and Data Storage

Data transmission and storage security is imperative in the modern enterprise. That’s why we have taken all measures to keep all information and data appropriately protected.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

However, the transmission of information via the internet is never completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to our site; any transmission is at your own risk.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

Our data centers, provided by AWS, are located in Sydney, Australia. They are among the world’s most secure environments, as AWS is the market leader in hosting and data safety.

Our staff are granted access only within their respective fields and as relevant to their day-to-day work. They are also required to maintain confidentiality after departure from the company via their contract of employment.

Chat Metrics developers treat stored data of customers with the highest level of security and care. Each piece of customer data is treated as personal and in need of standardized protection. We have deployed security policies which ensure safety of the data storage and transmission.

All Chat Metrics connections are encrypted with the 256-bit SSL protocol. There is no expiration date on the stored data. The data will remain on our servers even if a client does not extend his or her license. If you’d like to retrieve chats that you had with our support team, you can simply send us an email at team@chatmetrics.com, asking to retrieve all the data that we gathered at Chat Metrics on your behalf.

Encryption of Data at Rest

We use Amazon RDS, which encrypts our databases using keys in the AWS Key Management Service (KMS). On a database instance running with Amazon RDS encryption, data stored at rest in the underlying storage is encrypted, as are its automated backups, read replicas, and snapshots. RDS encryption uses the industry-standard AES-256 encryption algorithm to encrypt your data on the server that hosts your RDS instance.

Our data storage service (Amazon RDS) also supports Transparent Data Encryption (TDE). With TDE, the database server automatically encrypts data before it is written to storage and automatically decrypts data when it is read from storage.

Encryption of Data in Transit

We encrypt communications between our application (chatmetrics.com) and our DB instance using SSL/TLS. Amazon RDS creates an SSL certificate and installs the certificate on the DB instance when the instance is provisioned. The data is IP-restricted to our dedicated domain IP address.

Domains used by Chat Metrics

To make sure your firewall is not blocking any Chat Metrics requests, please add the following domains to your firewall’s exception list.

*.chatmetrics.com

*.chat-application.com

Chat Metrics uses the following version of Transport Layer Security (TLS): 1.2

Security of Information

Chat Metrics ensures compliance with the following information-related security and monitoring procedures:

  • Documented and defined security standards and procedures
  • Employee confidentiality agreement – contract of employment
  • Verification of employees who have access to customer data
  • Access to information granted only to employees who need to work with customer data or hosting servers
  • Access to customer data is limited within 12 hours of employee departure or relocation within Chat Metrics
  • Training on internal security policies and raising of security awareness as a day-to-day process
  • Physical security of the data center

Physical security ensured by data centers and hosting provided to and by Chat Metrics is achieved by:

  • Secure rooms with at least two access mechanisms, i.e., key-cards, man traps, security guards, and computer room badge-in
  • Authorized employees only are allowed physical access to the servers
  • 24/7 security at the location
  • Backups of customer data are stored on-site with limited access and at a securely controlled or commercial off-site location
  • The site guarantees additional protection such as uninterruptible power and fire suppression
  • Flawed components in the data center undergo DoD-approved “erase” or “wipe” procedure (if functionally possible) prior to physical destruction

Technical Controls

Chat Metrics supports technical controls to provide protection to its network, systems, and applications:

  • Chat Metrics utilizes professional facilities via a top-tier hosting provider that protect customer data from external threats
  • Chat Metrics maintains individual accountability for employees that can access systems hosting customer data
  • Chat Metrics has documented user account/password management systems for employees with access to systems that are hosting customer data
  • Chat Metrics ensures that individual access to customer data is controlled, i.e., a distinct user name and password is required for each individual administrator
  • Customer data is compartmentalized to prevent unauthorized access and separated from the data of other customers
  • Access to customer data is protected by hardened passwords rotated on a 90-day basis
  • Chat Metrics’s data center has formal security policies and procedures in place that deal with viruses, other malware and related threats

Usage

To ensure protection of confidentiality, integrity, and availability of customer data, Chat Metrics meets the following usage criteria:

  • Each user is assigned a unique ID
  • User IDs and passwords can be edited by admin at any time
  • Passwords must be at least 5 characters long
  • The application and resulting access to data in the database have permission-based controls limiting access to only authorized customers
  • Each change of user login status is logged within each application
  • All logs are treated as confidential information and access to reports can be restricted using the permission system
  • Reporting of this information is available within each instance of Chat Metrics
  • If confidential data, personal data (i.e., names, addresses, phone numbers), or authentication information (i.e., passwords) is transmitted, Chat Metrics ensures security by employing 256-bit SSL encryption between each component of the communications path
  • Chat Metrics’s security policy assumes customer data retention is permanent and is designed to that standard