Privacy Central, Inc Security

Last updated: May 31st, 2019

How we secure your data

Application & Data Security



We secure your data in our Microsoft Azure cloud-hosted database solution using AES encryption along with Encryption at Rest and Encryption in Transit. We utilize Microsoft Azure to implement row security and data masking on top of encryption of sensitive fields such that our admins cannot see any of your data. Because we encrypt sensitive fields, bad actors will never be able to see your data even if they obtain access to our database.

  • Backups of our databases are performed in Azure and are always left there. No access or abililty to download these databases are provided or permitted.
  • Data is encrypted and hashed using the strongest encryption and hashing algorithms currently available.
  • Because anything is possible, we have planned for the event of a breach. Encryption keys and hashing salts are revolved on a random set of days such that in the event a bad actor were to gain access to our keys and the database, they would only be able to access a very small subset of data during a very small window.
  • All core services run in the context of Azure. Therefore we limit all access to Azure based services only (external access is based on approval via Just-In-Time (JIT) access requests). Any attempts to breach the system from outside Azure will fail. In the event someone attacks from inside Azure infrastructure, Microsoft will be able to disable that access and determine the perpetrator(s).
  • All access is verified based on IP Address and Device. This helps prevent man-in-the-middle and stolen cookie attacks.

Authentication



Our preferred method of authentication is by usage of authentication platforms such as Google, Twitter, Microsoft or Facebook. They are responsible for your password and as such we never see or have it stored. If the email address you used for your target application is not available for authentication via those social networks, then you must use our authentication layer such that we can match you to the target applications. This method does not store your password but hashes it using the strongest hashing algorithms available (with rolling hash salts).

We also support Multi-factor authentication (MFA) and encourage users to enable it:

  • Google Authenticator
  • Email and Phone one-time use
  • FIDO2 supported devices
  • Facial Recogniation

Additionally, every device and IP address you login in from will require verification. If you browse your account from a new device (or upgrade your browser), you will be required to verify it using a one-time code to a verified data identity.

Logging



Every access attempt to an Azure cloud resource (database, web apps, etc) is logged. The latest security tools from Microsoft (Azure Sentinal and Azure Security Center) are utilized to monitor all the resource in the Azure subscription. Any attempt at access or breach are immediately flagged and our security team will move to prevent any further attempts at access.

Data Exports



Data exports request are simply that, a request to have an external system generate your data report. We simply provide you the url and proxy the data to your browser if you choose to utilize our data viewers (such as the JSON Viewer). Other than systems and applications Privacy Central, Inc manages and owns, we do not cache or store this data in anyway other than what is necessary to deliver it to your browser.



© 2019 - Privacy Central, Inc