Security standards

Authentication

All passwords on the HighCohesion platform are encrypted using a best-in-class encryption algorithm (up to a 448-bit key). In addition, two-factor authentication (2FA) is enforced whenever a User accesses the Control Panel.

Data security

Control Panel entities such as Sources, Transformations, Destinations and Users are stored in our Amazon RDS instances and are only reachable from within our Private Network.

System Keys and Customer-related data, such as order and product files, are stored in private Amazon S3 buckets only reachable by HighCohesion.

Data Storage

We make sure that we only store the data that is required for running workflows, for as long as it is needed, and, where possible, all data that we do store can be deleted on request. All data is encrypted when being transferred across both internal and external networks. The following is a list of the types of data we store and how long we store it.

Personal Account Information: Any personal details, such as your name and email address, that you provide when creating a HighCohesion account will be stored for as long as your account is active. At any time you can request that your account be deleted, and this data will be deleted from our systems.

Personally Identifiable Information (PII): We use a number of different tools to help us track usage of the product, such as raw server logs and analytics tools (Google Analytics etc.). These tools may receive personally identifiable information such as your computer's IP address and, in some cases, your name and/or email address. Raw server logs are not stored for more than 30 days and, in line with GDPR, you can request that any PII we store be removed from our systems and from any sub-processors we employ.

Authentication Data: To allow workflows to process data between different 3rd party services on your behalf, we will often require you to provide authentication to these 3rd party services in the form of usernames, passwords and access tokens. This sensitive authentication data is encrypted at rest in our databases, using strong 256-bit encryption, and will be removed on deletion of your HighCohesion account. All sensitive authentication data is obfuscated when passed through Stream execution state and logs.

Stream Data: When you run a Stream on the HighCohesion platform, we store various stateful data as part of the execution process and for post-execution logging, RCA (Root Cause Analysis) and error resolution. We store detailed execution data and log information for all Streams only for as long as it is required. Stream log data, which is viewable by customers from the "Debug" view of each workflow, is stored for 14 days before being erased. Stream Execution data, including but not limited to payload in, payload out and transformation files, will be stored for 45 days before being erased from the operational database, masked and saved in cold storage. Designated HighCohesion and partner staff have access to this data where necessary for their role, e.g. assisting a customer with their integrations.

Customer billing details are stored in ChargeBee, our 3rd party billing partner. They are fully PCI compliant and all payment details are tokenised before they are stored. Learn more about ChargeBee’s security standards here.

Hosting & physical security

HighCohesion-provided services are all hosted in physically secure data centres managed by AWS (Amazon Web Services). AWS provides class-leading hosting services with exceptional focus on security and reliability. HighCohesion utilises key services from AWS, such as:

  • Physically secure data centres

  • Compliance tools and access

  • Network security

  • Very high availability

  • Flexible fault tolerance

  • Clear disaster recovery mechanisms

  • 24/7 access control and monitoring

Logging & monitoring

All User activity on the platform is logged to a central log server, with access restricted to the HighCohesion Development & Operations teams. Centralised logging enables efficient monitoring and platform error traceability. A HighCohesion User can easily access logs related to their Organisation’s Jobs and Events directly from the Control Panel.

Network security

The flow of customer-related data, such as order and product data, is kept in our Private Network and is not accessible to outside parties.

HighCohesion protocols to Get/Post external data follow external Source and Destination systems’ protocols, such as HTTPS and SFTP. Traffic over these protocols is encrypted and protected from interception by unauthorised 3rd parties.

User roles & permissions

Users of the HighCohesion platform do not have privileged access to the application, but must supply their application credentials to connect. Additionally, HighCohesion Admins can further restrict and revoke Users’ access to the system directly from the Admin Control Panel.

HighCohesion uses three permission roles for individual organisations: Owners, Editors and View-only Users. An Owner is eligible to access all features necessary to configure and set up a Stream, such as System Keys, Source, Transformation and Destination functions. Additionally, an Owner is eligible to create, edit and revoke users within their own Organisation. A View-only User is solely eligible to view system configurations and Event/Job reporting, so they can safely access the Control Panel without the risk of making unwanted edits to the live environment.

To ensure data segregation, data for a particular Organisation is accessible only by a unique Organisation ID. Data is passed by first authenticating as the Organisation, thus giving access only to data related to that specific Organisation.
