Hevo follows strict policies for security and removal of customer's data. We have clearly laid out procedures for encrypting and removing customer's data from our systems.
Database and API Credentials.
Customers provide us with their database and API credentials while connecting to Sources and Destinations. All credentials are encrypted with a key specific to the customer. The credentials cannot be accessed by anyone apart from the application itself.
Connections with Sources and Destinations
- Connections with customer's Sources and Destinations are encrypted through SSL by default.
- Hevo allows you to connect with Sources and Destinations through SSH Tunnel wherever applicable.
- Connections to SaaS Sources are encrypted through HTTPS
Encryption on Data in Transit
Hevo pipelines use Kafka as a medium to move data across stages.
- Communication within the Kafka nodes is always encrypted.
- Our Kafka producers and Consumers connect with Kafka over SSL.
Retention and Encryption of Data at Rest
Hevo retains Customer's data temporarily for the following scenarios:
- In a staging area before uploading it to the Destination. The data is stored encrypted and once uploaded to the Destination is deleted permanently within 24 hours.
- In the Replay Queue. The data is stored encrypted and is retained until you Replay or Skip the data from your Hevo Pipelines.
- Samples for Transformations. Hevo retains a few sample events to be used for testing the transformation code in Hevo's Transformation UI. All these events are stored encrypted and cleared at regular intervals as new sample events arrive.
Besides, the above-mentioned scenarios Hevo doesn't retain any customer data inside it's systems.