This document covers the data security, retention and protections currently in place for the Siteimprove services:
- Quality Assurance
- Search Engine Optimization (SEO)
To ensure service availability and security, Siteimprove have implemented the following data protection and monitoring controls:
- The Siteimprove Suite is only accessible using HTTPS on TLS 1.2. If TLS 1.2 is not supported by the customer browser, the connection will be downgraded to TLS 1.1 or TLS 1.0.
- Redundant firewalls and infrastructure are in place to protect the Siteimprove services against hardware failure.
- All internal Siteimprove site to site communication is either encrypted or uses MPLS connectivity.
- The data in the Siteimprove Suite is only available for authenticated users.
- The Siteimprove Suite is continuously monitored for service and hardware availability
All customer data in the Siteimprove Suite is backed up on a daily basis to a local server in the Siteimprove data center (Interxion). Once a week, a single full backup is copied from the data center (Interxion) to the off-site backup location (Siteimprove Headquarters).
Data storage locations and physical security
Interxion is the primary hosting location for the Siteimprove Suite infrastructure. Interxion is located in Ballerup, Denmark, just outside Copenhagen. This location contains the bulk of the Siteimprove application logic and the various database back-ends. Only a limited number of named Siteimprove employees have physical access to the data center.
Interxion is a state-of-the-art data center provider with:
- Power delivery with 99.999% SLA
- Temperature and humidity is monitored 24x7 and is in line with ASHRAE recommendations
- Diverse ISP connectivity
- A very early smoke detection system is installed with direct lines to fire stations
- Automatic gas-based fire suppression systems
- Fire-retardant walls
- Trained security staff on site 24x7
- Five layers of physical security
- Access tokens in combination with biometric data and mantraps are used for data center entry
- CCTV video surveillance
Interxion has access procedures in place for personnel and goods entry and maintains an access log for all entry to the data center.
Interxion is a ISO 27001:2013(Information Security) and ISO 22301:2012(business continuity) certified data center provider. Interxion does also undergo a yearly SOC2 audit. Both the certificates and the audit report can be provided to customers, upon request.
Further information about Interxion can be found on their website.
The Siteimprove Headquarter is located in Copenhagen and is used for storage of off-site backups of the Interxion data center. The Siteimprove headquarter and Interxion are located approximately 14 kilometers apart.
The backups are stored in the Siteimprove Headquarter data center, which has redundant cooling, UPS backup power with an attached diesel generator and a fire suppression system. The data center is only accessible by a few named Siteimprove employees using access tokens and any access to the data center is logged centrally.
Amazon Web Services (AWS)
AWS in Frankfurt, Germany is used by Siteimprove for storage of PDF and HTML files collected by the Quality Assurance service. It is also uses for storage of Response website snapshots.
AWS is used for off-loading application servers located in Interxion. When certain thresholds are met, workloads are moved to AWS for processing, after which, the processed data is returned to Interxion.
AWS is considered one of the top providers of cloud services and hold several certifications. On a yearly basis, AWS are subjected to independent audits to maintain the certifications.
Amazon Web Services (AWS)
Siteimprove offers the Siteimprove Suite, without Analytics and Policy, out of the AWS region in North Virginia.
Temporary data storage
Siteimprove Response nodes and Analytics endpoints are located around the world for the sake of redundancy and to lower the latency to customer websites. The location details can be found in the Response and Analytics technical specification documents. These nodes do only hold the collected data temporarily, for a maximum of 48 hours, before it is sent to the designated backend for processing, storage and presentation in the Siteimprove Suite.
Siteimprove will store, that at the given time valid, customer website data for the duration of the contractual agreement. When the contractual agreement with Siteimprove is terminated, the following will happen:
- The tables in the database, containing the customer results, history and specific customizations to the Siteimprove Suite will be dropped
- Any collected HTML and/or PDF files will be deleted
- The customer data will be rolled out of the backup scheme after 8 days
Siteimprove will retain some customer information, after contract termination, such as name, title, e-mail address, physical address, phone number, etc.
This residual customer information* will be removed upon request, by contacting:
Worldwide (except EU): firstname.lastname@example.org
*all data will be removed, except data that is required to be retained by law and internal audit policies.