This document describes our company’s approach to ensuring the data we hold on our customers, and the data we collect as part of our monitoring services, is kept secure and private.
We will not share any personal, financial, contact or otherwise sensitive information you provide to us with any third party for any reason without your prior permission, or unless required to do so by law. Whilst we may use contact details you provide to us for our own marketing emails, you can opt out at any time.
We will only hold information about our customers that is required for us to deliver our services.
We take the security of our systems and data, and the systems and data of our customers, extremely seriously.
Our monitoring services are hosted in the Amazon AWS cloud. We only use instances in Amazon’s Irish data centres, so they are within the EU.
Access to the monitoring infrastructure is tightly controlled. Amazon offer very granular access control, and as well as requiring complex passwords, we allow access only from certain IP addresses. Access to the Amazon cloud web console is also strictly controlled – changes to firewall rules can only be made by administrators, and we use two factor authentication to provide stronger access control.
All mobile devices use encryption, as do any online back up and storage solutions we use. We also only use service providers that support two factor authentication, and it is enabled for our accounts.
We ensure our computing devices are properly maintained, and kept fully patched. Incident analysis which may involved malicious software or websites is done on separate physical or virtual machines.
Our monitoring services only collect data as required to deliver the particular the service in question. This will be described fully in the appropriate service description, but any data collected and stored will be protected in accordance with this policy.