Botmetric takes the protection and security of its customers’ data very seriously. Botmetric manages the security of its application and customers’ data. However, provisioning and access management of individual accounts is at the discretion of individual business owners. As a practice, we don’t log or transmit any sensitive information that you share with us. We also ensure important customer data is isolated at various levels in our systems.
Detailed below are the key policies that we follow at Botmetric to ensure better protection of application and customer data throughout its complete life cycle.
All sensitive information in Botmetric is encrypted with a unique key and hash for each customer.
Customer data access policy on Botmetric Platform
The production environment’s infrastructure is completely independent of the staging and development environments. Developers have zero access to the production environment. A limited number of admins have access to the infrastructure. The internal team requests access to limited customer data from the admin team, and only to support customer requests.
Customer data can be accessed in only two ways:
1. Botmetric Platform – A username and password are required to log in. Passwords are encrypted with a customer-specific salt.
2. AWS APIs – The role ARN shared with Botmetric only provides access to Botmetric’s AWS Production account, the access for which is limited. Also, the ARNs are encrypted at rest.
Data purge policy after subscription is terminated:
After a subscription is terminated, all user accounts and automation jobs are disabled. Data is kept for 60 days in case the customer decides to renew their subscription. After 60 days, all customer data is purged permanently.
Customer data isolation on a multi-tenant platform:
Data isolation is ensured not only at the application layer but also at the data storage layer.
ACCESS CONTROL AND MFA
We use Identity and Access Management (IAM) roles to connect with your cloud account. Rest assured only our application can access your cloud APIs, using temporary access keys for each session. We ensure that all our communication with your cloud account is secured. Botmetric provides access controls for authentication and authorization to manage your account.
Botmetric provides Multi-Factor Authentication (MFA) to improve access security by making users enter a unique authentication code from their authentication device along with their username and password.
BOTMETRIC AUDIT TRAIL
We have an activity history log in place that tracks important changes related to your users and cloud accounts within your Botmetric account.
INFRASTRUCTURE AND NETWORK SECURITY
Our servers are hosted in a Virtual Private Cloud with strong access controls for network and application level security. We protect our application using state-of-the-art web application firewall services. Our backend services, such as databases and logs, are isolated into separate private networks for enhanced protection.
Botmetric ensures any data sent to or from our system is transmitted securely using SSL and HTTPS. This ensures your data is secure over the network, and we don’t allow non-encrypted communication. You don’t need to open any custom ports to use Botmetric from your network or cloud. Our agent is secured with authentication, authorization and tampering protection.
Security incidents (breaches and potential vulnerabilities) can be reported by customers or any users via email to email@example.com under responsible disclosure. Botmetric does incentivize responsible vulnerability disclosures. We take security very seriously, and investigate all reported vulnerabilities.