UXCam is committed to data security and performance and ensures the highest standards and best practices for their implementation.
Customer decides which data they wish to record and store.
Our customer has the choice of what data to record. You can and should exclude any Personally Identifiable Information (PII) of the user.
Exclude Sensitive Views:
We provide various client-side API enabling you to block sensitive views to prevent tracking user information.
Data is encrypted at rest using AES-256 encryption algorithm. Data is encrypted end-to-end between the user's device and AWS and Google Cloud platform using SSL.
Every protected object is encrypted with a unique encryption key. This object key itself is then encrypted with a regularly rotated master key. Additional security is provided by storing the encrypted data and encryption keys in different hosts.
All data collected is physically hosted with Amazon Web Services and Google Cloud in their data center in North Virginia USA.
- Instances running on the same physical machine are isolated from each other via the Xen hypervisor (AWS) and KVM hypervisor (Google Cloud).
- In addition, the AWS firewall and Google Compute firewall resides within the hypervisor layer, between the physical network interface and the instance's virtual interface. All packets must pass through this layer, thus an instance’s neighbors have no more access to that instance than any other host on the Internet and can be treated as if they are on separate physical hosts. The physical RAM is separated using similar mechanisms.
- Our clients are logically separated through the use of account ids, access control and roles define what users have access to.
- The database containing visitor and usage data is only accessible from the application servers and no outside sources are allowed to connect to the database.
UXCam has signed a data processing agreement (DPA) with Amazon Web Services (AWS) and Google Cloud, that includes the EU model clauses.
UXCam uses Splunk as a SEIM tool to identify suspicious behavior and potentially compromised systems on the production platform.
Any code changes that are required to remediate vulnerabilities are peer reviewed. All changes go through the development and release process including QA with regression testing.
Compliance and certifications
Google Compute Engine and Amazon web services (AWS) have successfully completed ISO 27001 and SOC 2 certifications.