What is Convertr?
Convertr an API-first data routing and optimization platform. We capture marketing lead information from multiple sources (landing page forms, imports, API requests, and webhooks) and verify, validate and enrich the data before routing the data into a client's marketing system, usually a CRM system.
Convertr is a SaaS platform that is licensed by our direct client. We provide all the tools to improve data security by automating manual processes and reducing the risk of data being mishandled.
How is data stored and secured in the Convertr platform?
The security of our clients’ data is our number one priority. Convertr is fully hosted on AWS (Amazon Web Services) enabling us to leverage their state of the art physical and virtual security. You can read more about AWS’ security measures here.
Our default location for data storage is in Ireland, but can be hosted in any AWS region if required (additional costs may apply). The cluster is limited to this area and no data will flow outside of this region without explicit consent from the client.
We encrypt all personal data at rest in the database using AES256 encryption with rotating keys. In addition, each client has its own private database with unique application access. Convertr also uses disk encryption where possible.
All data transferred is secured by TLS 1.2.
What other protection methods does Convertr have in place?
- Convertr performs vulnerability tests as part of each release and penetration tests at least annually
- All server access is secured using secure keys and access is restricted to senior Convertr staff with all access audited.
- Convertr uses Guard Duty (an intelligent threat detection tool) to monitor its infrastructure
- Access to any infrastructure services require multi-factor authentication
- Every release of the Convertr platform goes through rigorous manual and automated testing
- All Convertr staff receive data protection and security training every year
- All uploads to the platform are scanned for viruses
Can you provide an audit trail – e,g, user access logs?
Convertr has a thorough audit of activity through the application, both on a system and campaign level. Any actions made to AWS services are audited and monitored using a combination of CloudWatch and GuardDuty.
Does Convertr have any certifications?
Convertr is ISO-27001 certified.
Does Convertr have a business continuity plan?
Convertr has a business continuity plan as part of its ISO-27001 certification. In summary, the following processes are in place:
Convertr takes twice-daily backups (8am & 8pm GMT) of the database. These backups are retained for an agreed amount of time with our client, this tends to be for 30 days. The backups are stored and encrypted in Amazon S3 in a private bucket.
All Convertr data is stored within AWS and uses EBS volumes. All client critical data is snapshot twice daily and retained for 30 days.
How does Convertr monitor the application and its infrastructure?
Convertr uses a combination of AWS CloudWatch, New Relic, Sentry, Pingdom, and Guard Duty to monitor the application and infrastructure.
Does Convertr have any uninterruptible power systems?
From AWS: The data centre electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week.
Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centres use generators to provide back-up power for the entire facility.
What does the Convertr infrastructure look like?
As above, Convertr is fully based on AWS and follows best practises as outlined by Amazon Web Services. We make use of RDS (MySQL) for persistent storage which uses multi A-Z for automatic fail-overs.
Our EC2 instances, which the application is spread over, use load balancing and auto-scaling groups to ensure the application is resilient to spikes in traffic and data processing. We run a container system across our cluster of servers to more efficiently manage resources.