Security

Security brief

Dealing with clients' data is a sensitive task; requiring an innate sense of responsibility, transparency, security, and accountability on our end. As such, in our development process, we have paid minute attention to making Draxlr, rich with data protection & security measures and accommodating significant user rights. Both in our product and organization, we use the most relevant technologies and techniques, to carefully implement industry-standard measures.

Data processing

Data processing refers to an operation or set of operations performed on your data–operations such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Draxlr processes your data only to access the features on the platform, and help you get any additional support if you need it. Thus, Draxlr accesses only the data required to get the features working, and, uses only the relevant forms of processing.

User rights

Draxlr recognizes user rights on the platform, with importance beyond everything else. We understand that we can develop a bond of trust with our clients only when we can recognize and provide all the significant user rights (related to the processing of digital data) that matter.

We connect only with the databases (and parts of your databases,) that you give us permission for. And when you disconnect your databases from Draxlr, we are obliged to keep no further connections with your databases. If we ever need to access your Customer Data to deliver a support service–we will do so, only after you have given us written permission, and not before.

Data portability is yet another important user right, where users should be able to receive their data in a structured and machine-readable format. And, have the right to transmit those data to other platforms without any hindrance.

To conform with this right Draxlr allows you to download both your raw data and analyzed data in CSV and Excel format. Download the data visuals in PNG format. And, further, get the shareable URL for the Dashboard elements you build.

Our users will always have the right to object (the collecting and processing of data,) when data is processed for purposes other than the ones consented by the user (such as marketing and profiling.) Draxlr will never automatically take decisions on the usage of your data on your behalf. Only you decide what gets done with your data on Draxlr.

Data protection measures

Draxlr takes industry-standard technical measures to ensure efficient data protection:

Draxlr never replicates your database, but just accesses it–thus, your data is always safe in your database. Draxlr never writes your data–all connections to your database use a read-only transaction. Draxlr always uses secure connections and processes to query our database. Upon querying your database, Draxlr will only fetch the results. The results are always transmitted using industry-standard SSL security to protect your data against Man-In-The-Middle attacks and eavesdropping.

You connect your database to Draxlr by entering your SSH or database credentials. These are kept strictly private and are securely encrypted using industry-standard 128-bit AES Encryption (and protected by TLS in Transit.) If you export these results, Draxlr will temporarily store these results to optimize performance. The temporarily stored results are cached using a version 4, cryptographically strong, pseudo-random UUID for 48 hours. After that, the results are automatically and permanently deleted.

Security practices

Draxlr also focuses strictly on maintaining appropriate organizational and technical measures to provide security to your data processing.

To efficiently provide our cloud services and features, we need to use certain 3rd party systems. Only the core members of the Draxlr team access these systems for controlling, monitoring, and reviewing our platform. However, even our core members get very selective access; access only to systems needed to carry on their responsibilities.

To sign into the systems, we use the secure Google Sign-in. None of our accounts are shared, and we strictly ask our team members to use a two-step verification process for signing into their accounts. When we sign-in from new browsers, devices, or locations, we receive security alerts in our email. We also track & review all devices that are presently signed in or have signed-in in the last 28 days. Lastly, in cases, when our team members leave Draxlr, we permanently revoke their user's access.

Draxlr never stores your account password, and sign-in authentication is done securely using the industry-standard BCrypt hashing. Any attempt to access Draxlr using insecure HTTP protocol is automatically redirected to use secure HTTPS protocol. We use the AWS security groups to restrict communication between servers, and VPC is used o isolate the production environment from other environments. All our production secrets are managed using AWS tools. And lastly, our entire architecture (except for our load balancers) is on a private subnet.

To comply with the principle of data integrity, Draxlr performs daily backups and replication for its core databases across multiple zones in the event of a site disaster.