1. INTRODUCTION TO OUR DATA SECURITY
At Reaktion.com our top priority is to ensure the security and confidentiality of our customer’s data. This Data Security description is explaining our processes around data security and confidentiality.
2. DESCRIPTION OF THE REAKTION SERVICES
The Reaktion platform collects and processes reporting data on behalf of its customers. Examples of marketing data sources are affiliate networks, Google, Facebook, Bing, Price comparison platforms (Pricerunner, Google Shopping) etc.
Reaktion simply stores a copy of this data (in Amazon AWS S3) to provide the Reaktion service with efficient dashboards and reporting functionalities. The original data always stays with the originating platform. Reaktion is only capable of retrieving data from these marketing sources via their APIs.
The collected data never contains personal data of any sorts.
3. DATA OWNERSHIP
Reaktion customers always maintain full ownership of the data collected by Reaktion on their behalf. Customers can always completely and permanently delete all data collected from one-, multiple- or all data sources upon request or by termination of the Reaktion subscription.
4. DATA COLLECTION, TRANSFER AND ENCRYPTION
All data is collected by Reaktion from marketing platforms such as Google, Facebook, Bing etc. Some data sources are most commonly located in the USA and do not provide guarantees of encryption at rest.
All network connections used to collect, view, or transfer reporting data are encrypted using ssl.
5. BACKUP AND ARCHIVING
Reaktion are keeping backups of all customer configuration and business data every 24 hours. Backups are stored in AWS S3 and Glacier, in multiple versions with a durability of 99.999999999%.
All collected data is stored only to provide the service of Reaktion. The reporting data collected by Reaktion is stored only for processing purposes and the original data always stays with the original provider.
6. INFRASTRUCTURE AND SOFTWARE
The physical infrastructure for Reaktion is provided by Amazon AWS and all services are hosted in the AWS Europe (Stockholm) Region.
Configuration of all infrastructure services are fully automated and version controlled, and in case of a disaster can be rebuilt automatically in a different AWS region within 48 hours.
6.2 CHANGE MANAGEMENT
All software changes go through a change management process including peer review and automated testing.
6.3 APPLICATION MONITORING
The Reaktion platform is continuously monitored for software errors and unexpected events.
All configuration changes and important application events are logged and archived to AWS S3 to allow for monitoring and audits.
6.4 NETWORKING SERVICES
Reaktion operates in a Virtual Private Cloud and network services are protected by AWS ddos protection, firewalls and load balancers.
7. INFORMATION HANDLING AND CLASSIFICATION
All Reaktion information are classified and handled according to Reaktion’s internal classification and handling policy
7.1 HUMAN RESOURCE SECURITY
Processes for both on- and off-boarding of employees are in place. All Reaktion employees are subject to background checks and are required to sign a confidentiality agreement before starting employment.
If a Reaktion employee ends its employment an off-boarding process is started. The former employee shall 1) return all equipment 2) All access tokens and accounts relating to the former employee are terminated and the information is secured etc.
7.2 PASSWORDS AND ACCESSES
Access to Reaktion systems are restricted to only authorized users or processes, based on the principle of strict need to know and least privilege.
All Reaktion employees must use a separate, unique password for each of their work related accounts. Passwords must not be shared with anyone, including managers and coworkers.
All passwords are treated as sensitive, confidential Reaktion information.