Customer Data Retention and Encryption

Hevo follows strict policies for security and removal of customers’ data. We have clearly laid out procedures for encrypting and removing customers’ data from our systems.

Database and API Credentials

Customers provide us with their database and API credentials while connecting to Sources and Destinations. All credentials are encrypted with a key specific to the customer. The credentials cannot be accessed by anyone apart from the application itself.

Connections with Sources and Destinations

  • Connections with customer’s Sources and Destinations are encrypted through SSL by default.

  • Hevo allows you to connect with Sources and Destinations through SSH Tunnel wherever applicable.

  • Connections to SaaS Sources are encrypted through HTTPS.

Encryption on Data in Transit

Hevo Pipelines use Kafka as a medium to move data across stages.

  • Communication within the Kafka nodes is always encrypted.

  • Our Kafka producers and Consumers connect with Kafka over SSL.

Retention and Encryption of Data at Rest

Hevo retains Customer’s data temporarily for the following scenarios:

  • In a staging area before uploading it to the Destination. The data is stored encrypted and once uploaded to the Destination is deleted permanently within 24 hours.

  • Failed Events in a Pipeline. The data is stored encrypted and is retained for 30 days until it is Replayed or Skipped from your Pipelines.

  • Samples for Transformations. Hevo retains a few sample events to be used for testing the transformation code in Hevo’s Transformation UI. All these events are stored encrypted and cleared at regular intervals as new sample events arrive.

Besides the above-mentioned scenarios Hevo doesn’t retain any customer data inside it’s systems.

Last updated on 10 Aug 2021