UXCam is committed to data security and performance. We ensure the highest standards and best practices for their implementation.
Customer decides which data they wish to record and store.
Our customer has the choice of what data to record. You can and should exclude any Personally Identifiable Information (PII) of the user.
Exclude Sensitive Views:
We provide various client-side API, enabling you to block sensitive views to prevent tracking user information.
Data is encrypted at rest using AES-256 encryption algorithm. Data is encrypted end-to-end between the user's device and AWS using SSL.
Every protected object is encrypted with a unique encryption key. This object key itself is then encrypted with a regularly rotated master key. Additional security is provided by storing the encrypted data and encryption keys in different hosts.
All data collected is physically hosted with Amazon Web Services in their data center in North Virginia USA.
- Instances running on the same physical machine are isolated from each other via the Xen hypervisor (AWS).
- In addition, the AWS firewall resides within the hypervisor layer, between the physical network interface and the instance's virtual interface. All packets must pass through this layer, thus an instance’s neighbors have no more access to that instance than any other host on the Internet and can be treated as if they are on separate physical hosts. The physical RAM is separated using similar mechanisms.
- Our clients are logically separated through the use of account ids, access control and roles define what users have access to.
- The database containing visitor and usage data is only accessible from the application servers and no outside sources are allowed to connect to the database.
UXCam has signed a data processing agreement (DPA) with Amazon Web Services (AWS) which includes the EU model clauses.
UXCam uses DataDog as a SEIM tool to identify suspicious behavior and potentially compromised systems on the production platform.
Any code changes that are required to remediate vulnerabilities are peer reviewed. All changes go through the development and release process including QA with regression testing.
Compliance and Certifications
UXCam infrastructure is hosted on Amazon web services (AWS). Both UXCam and AWS have successfully completed SoC2 Type 2 certification.