Data Protection and Security

The protection of your data is our priority

How do we secure your data?

Internal security in the organization

Internal processing at our company meets the most stringent security criteria. Our employees are bound by a confidentiality agreement. They cannot transmit data outside the company. We use software that monitors the work of individual employees.

The access to servers is protected on two levels. A user needs a password-protected private key to access each level. Additionally, at the first level, a user can log in only at theirauthorized computer.

Private Key (flash drive) – private keys for the second level are stored in a protected partition on the flash drive. Access to this section is secured by the AES-256 algorithm. Only a fingerprint of the flash drive owner can unlock it. So, if an unauthorized person uses the PC and hacks the password of the private key, they’ll be unable to access the second level without an authorized person.

Securing data during transmission to our server

TLS (https protocol)

Communication with our application is secured by HTTPS protocol. HTTPS (Hypertext Transfer Protocol Secure) is an extension of HTTP network protocol that enables one to secure a connection between a Web browser and a Web server from eavesdropping or forgery of data. It also allows us to verify the identity of the counter-party. HTTPS uses the HTTP protocol and all the data transmitted is encrypted using the TLS. The standard port of the server side is 443. For communication encryption we use a key which is digitally signed by a trusted certification agency.

Storing passwords to your MonkeyData accounts

MonkeyData account passwords are encrypted by bcrypt and are not stored in the cache. They can’t be identified from the database, so it is impossible to find out or infer the user’s password.

Storing passwords to your connected services

All your data for your services are stored in a database in encrypted form. Security is provided by asymmetric cipher, the password is encrypted with a public key.

This cipher is unidirectional and the password can be decrypted only by the private key that is known only to the script which operates communication with the API of the connected service running in a designated area. The method is RSA with a 2048 key length. It is reported that breaking it by “brute force” might be possible on a super-computer in about 1100 years. All communication among servers is encrypted by 128 bit or 256 bit (according to the disposition of your browser) keys through TLS cryptographic protocol.

All passwords and sensitive data are stored in encrypted form with the inability to obtain the original without the private key which is NOT stored in the same database. So even if someone “gets” into the database he would not be able to obtain passwords and keys in the original form.

The private key is in a secure location and is accessible only to a script (running in a restricted area) which operates the communication through a secure connection with other servers (GoogleAdwords API, Google Analytics API etc.).

Substitutability of servers

For ensuring the uninterrupted operation of our service we use several Web and database servers in the Google Cloud Platform. The internal architecture and server configuration, however, is kept under strict confidentiality.

New ISO security and privacy certifications for the Google Cloud Platform

Google reiterated its commitment to the security needs and added two new certificates to the Google Cloud Platform: ISO27017 for cloud security, ISO27018 for privacy and ISO27001 (renewed). More information on the Google Cloud Platform Compliance is available here.