Security standards
Platform Authentication
Passwords are encrypted using best-in-class encryption algorithms (up to 448-bit keys). Two-factor authentication (2FA) is enforced whenever a user accesses the Control Panel. Sessions are maintained for 10 hours to ensure a fresh login cache.
Data security
Integrations configuration data is stored in AWS RDS instances and is only reachable from within our Private Network.
Transaction Information is stored in Mongo Atlas instances and is only reachable from within our Private Network.
System Keys & Customer-related data, such as order and product files, are stored in private Amazon S3 buckets only reachable from within our Private Network.
Data Storage
We only store data required for running workflows and keep it only as long as needed. Where possible, all stored data can be deleted upon request. All data is encrypted during transfer across both internal and external networks. Below is a list of the types of data we store and our retention periods.
Personal Account Information: Personal details you provide when creating a HighCohesion account, such as your name and email address, are stored for as long as your account remains active. You can request account deletion at any time, and this data will be removed from our systems.
Personally Identifiable Information (PII): We use a number of different tools to help us track usage of the product, such as raw server logs and analytics tools (Google Analytics etc.). These tools may receive personally identifiable information such as your computer's IP address and in some cases your name and/or email address. Raw server logs are not stored for more than 14 days and, in line with GDPR, you can request that any PII we store be removed from our systems and from any sub-processors we employ.
Authentication Data: To allow workflows to process data between different 3rd party services on your behalf, we will often require you to provide authentication to these 3rd party services in the form of usernames, passwords and access tokens. This sensitive authentication data is encrypted at rest in our databases, using strong 256-bit encryption, and will be removed on deletion of your HighCohesion account. All sensitive authentication data is obfuscated when passed through Stream execution state and logs.
Stream Data: When you run a Stream on the HighCohesion platform, we store stateful data as part of the execution process for post-execution logging, Root Cause Analysis (RCA), and error resolution. We retain detailed execution data and log information only as long as necessary. Stream log data, viewable by customers in the "Debug" view of each workflow, is stored for 14 days before deletion. Stream execution data, including payload in, payload out, and transformation files, is stored for 60 days before being erased. Designated HighCohesion and partner staff can access this data when needed for their role, such as assisting customers with their integrations.
Hosting & physical security
HighCohesion-provided services are all hosted in physically private, secure data centers managed by AWS. Servers are protected by a Private Network.
Logging & monitoring
All user activity on the platform is logged to a central log server, with restricted access to HighCohesion Development & Operations teams.
Network security
The flow of customer-related data, such as order and product data, is kept in our Private Network and is not accessible to outside parties.
HighCohesion protocols to Get/Post external data follow external Source and Destination systems’ protocols, such as HTTPS and SFTP. Traffic over these protocols is encrypted and protected from interception by unauthorised 3rd parties.
User roles & permissions
Users of the HighCohesion platform do not have privileged access to the application, but must supply their application credentials to connect. Additionally, HighCohesion Admins can further restrict and revoke Users’ access to the system directly from the Admin Control Panel.
HighCohesion uses three permission roles for individual organisations: Owners, Editors and View-only Users. An Owner is eligible to access all features necessary to configure and set up a Stream, such as System Keys, Source, Transformation and Destination functions. Additionally, an Owner is eligible to create, edit and revoke users within their own Organisation. A View-only User is solely eligible to view system configurations and Event/Job reporting, so they can safely access the Control Panel without the risk of making unwanted edits to the live environment.
To ensure data segregation, data for a particular Organisation is accessible only by a unique Organisation ID. Data is passed by first authenticating as the Organisation, thus giving access only to data related to that specific Organisation.