Security FAQ

Convertr is a SaaS platform that is licensed by our direct client. We provide all the tools to improve data security by automating manual processes and reducing the risk of data being mishandled.

What Is Convertr?

Convertr an API-first data routing and optimization platform. We capture marketing lead information from multiple sources (landing page forms, imports, API requests, and webhooks) and verify, validate and enrich the data before routing the data into a client's marketing system, usually a CRM system.

Convertr is a SaaS platform that is licensed by our direct client. We provide all the tools to improve data security by automating manual processes and reducing the risk of data being mishandled.

How is data stored and secured in the Convertr platform?

The security of our clients’ data is our number one priority. Convertr is fully hosted on AWS (Amazon Web Services) enabling us to leverage their state of the art physical and virtual security. You can read more about AWS' security measures here.



Location

Our default location for data storage is in Ireland, but can be hosted in any AWS region if required (additional costs may apply). The cluster is limited to this area and no data will flow outside of this region without explicit consent from the client.

Encryption

We encrypt all personal data at rest in the database using AES256 encryption with rotating keys. In addition, each client has its own private database with unique application access. Convertr also uses disk encryption for all AWS services. All data transferred is secured by TLS 1.2.

Convertr Smart, Secure Distribution

How is your internal network secured?

As above, Convertr uses AWS for its infrastructure. We use VPCs and security groups to enforce strict firewall rules, which are tightly audited. We also use AWS WAF for application-level firewalls.

What other protection methods does Convertr have in place?

  • Convertr performs vulnerability tests as part of each release and third party penetration tests annually.
  • All server access is secured using secure keys and access is restricted to senior Convertr staff with all access audited..
  • Convertr uses Guard Duty (an intelligent threat detection tool) to monitor its infrastructure.
  • Access to any infrastructure services require multi-factor authentication.
  • Every release of the Convertr platform goes through rigorous manual and automated testing.
  • All Convertr staff receive data protection and security training every year.
  • All uploads to the platform are scanned for viruses.

ISO-27001

Does Convertr have any certifications?

Convertr is ISO-27001 certified.

Does Convertr have a business continuity plan?

Convertr has a business continuity plan as part of it’s ISO-27001 certification.
In summary, the following processes are in place:



Application and Infrastructure monitoring

Convertr uses a combination of AWS CloudWatch, New Relic, Sentry, Pingdom, and Guard Duty to monitor the application and infrastructure.

Disk Storage

All Convertr data is stored within AWS and uses EBS volumes. All client critical data is snapshot twice daily and retained for 30 days.

Backups

Convertr takes twice-daily backups (8am & 8pm GMT) of the database. These backups are retained for an agreed amount of time with our client, this tends to be for 30 days. The backups are stored and encrypted in Amazon S3 in a private bucket.

Uninterruptible Power Systems

From AWS: The data centre electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, and seven days a week.

Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centres use generators to provide back-up power for the entire facility.

Can you provide an audit trail, for example user access logs?

Convertr has a thorough audit of activity through the application, both on a system and campaign level. Any actions made to AWS services are audited and monitored using a combination of CloudWatch and GuardDuty.

What does the Convertr infrastructure look like?

As above, Convertr is fully based on AWS and follows best practises as outlined by Amazon Web Services. We make use of RDS (MySQL) for persistent storage which uses multi A-Z for automatic fail-overs.

Our EC2 instances, which the application is spread over, use load balancing and auto-scaling groups to ensure the application is resilient to spikes in traffic and data processing. We run a container system across our cluster of servers to more efficiently manage resources.

Convertr Infrastructure

Ready to Get In Touch?

   London: +44 (0)203 617 7659       Denver: +1 (720) 699 7880   

Contact Us