Security

Users of the services offered by Saasmetrics acknowledge and accept these terms and conditions.

Last revised on May 29, 2015

Have a question or concern? Please email us at support@saasmetrics.co.

Data Centers

Saasmetrics’s physical infrastructure is hosted and managed within Amazon’s secure data centers and utilizes Amazon Web Services (AWS) technology. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under: ISO 27001; SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II); PCI Level; and FISMA Moderate.

Physical Security

Saasmetrics utilizes ISO 27001 and FISMA certified data centers managed by Amazon. Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, and critical facilities have extensive setback and military grade perimeter control berms as well as other natural boundary protection. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.

Amazon only provides data center access and information to employees who have a legitimate business need for such privileges. When an employee no longer has a business need for these privileges, his or her access is immediately revoked, even if they continue to be an employee of Amazon or Amazon Web Services. All physical and electronic access to data centers by Amazon employees is logged and audited routinely.

Fire Detection and Suppression

Automatic fire detection and suppression equipment has been installed to reduce risk. The fire detection system utilizes smoke detection sensors in all data center environments, mechanical and electrical infrastructure spaces, chiller rooms and generator equipment rooms. These areas are protected by either wet-pipe, double-interlocked pre-action, or gaseous sprinkler systems.

Power

The data center electrical power systems are designed to be fully redundant and maintainable without impact to operations, 24 hours a day, seven days a week. Uninterruptible Power Supply (UPS) units provide back-up power in the event of an electrical failure for critical and essential loads in the facility. Data centers use generators to provide backup power for the entire facility.

Climate and Temperature Control

Climate control is required to maintain a constant operating temperature for servers and other hardware, which prevents overheating and reduces the possibility of service outages. Data centers are conditioned to maintain atmospheric conditions at optimal levels. Monitoring systems and data center personnel ensure temperature and humidity are at the appropriate levels.

Management

Data center staff monitor electrical, mechanical and life support systems and equipment so issues are immediately identified. Preventative maintenance is performed to maintain the continued operability of equipment.

For additional information see: https://aws.amazon.com/security


File Systems and Communication

All access to the Saasmetrics website is restricted to HTTPS encrypted connections. All data retrieval from data sources is done with your unique access token over a secure connection with their API.

User passwords are secured with BCrypt. They are never stored in the database in plaintext and are not readable by staff. Passwords do provide access to the Saasmetrics website, however, and it is the responsibility of the end user to protect his password with care.


Employee Access

No Saasmetrics staff will access your business metrics unless required for support reasons. In cases where staff must access business metrics in order to perform support, we will get your explicit consent each time, except when responding to a critical security issue or suspected abuse.

When working a support issue we do our best to respect your privacy as much as possible, and we only access the minimum data needed to resolve your issue.


Credit Card Safety

Saasmetrics does not process or store any credit card details belonging to your customers or yourself. If you pay for one of our paid plans using your credit card, then your payment is processed by a third-party, PCI-compliant payment processor. Your card details are never transmitted through or stored on Saasmetrics.