Data Center Security
- Convertful stores personal data on secure services that are managed by Convertful and its service providers in the US.
- Convertful use Web Application Firewall (WAF) for DDoS protection, this allows us to be online 99.99% of the time
- Convertful is hosted by the world’s leading data center providers. Our partners guarantee us the physical security to protect against unauthorized entry, protection against power outages, full CCTV coverage externally and internally for the facility.
- All our hosting providers are SOC 1 Type II, SOC 2 Type II, ISO/IEC 27001:2013 certificated, this allows you to keep all your data safe
Protection from Data Loss, Corruption
- Personal data that Convertful stores or transmits are protected by security and access controls, including username and password authentication and two-factor authentication where appropriate.
- Passwords and API keys are stored either in hashed or in securely encrypted forms. Our own staff can’t even view them. If you lose your password, it can’t be retrieved—it must be reset.
- Convertful archives data on securely isolated backup systems that are located in Germany.
Application Level Security
- All our applications working through SSL/TLS. Your data will be safe because is transferred via the securely encrypted connection protocols.
- Certain changes to your account, such as to your password, will trigger email notifications to the account owner.
- Payment Gate Security Protection
- Protection against XSS attacks
- Cross-Site Request Forgery protection by generating nonce tokens for all forms and any sensitive information in our application.
- We use “AES” encryption on all major things like API keys, tokens, etc
- We perform the regular security audit
- We use a system of automatic notification of failures to prevent unauthorized access so that your widgets are always online