Customer Data Retention and Encryption

Last updated on Aug 28, 2023

Hevo follows strict policies regarding the security and removal retention of your data. Although, Hevo temporarily retains your data in some scenarios, as mentioned in Retention and Encryption of Data at Rest, it is always encrypted using the AES algorithm and removed from our systems using a set of procedures.


Database and API Credentials

The database and API credentials that you provide to us while connecting to Sources and Destinations are encrypted with a key specific to you and cannot be accessed by anyone apart from the application itself.


Connections with Sources and Destinations

  • Hevo allows you to connect with Sources and Destinations through SSH Tunnel wherever applicable.

  • Connections to SaaS Sources are encrypted through HTTPS.


Encryption on Data in Transit

Hevo Pipelines use Kafka as a medium to move data across stages.

  • Communication within the Kafka nodes is always encrypted.

  • Our Kafka producers and consumers connect with Kafka over SSL.


Retention and Encryption of Data at Rest

Hevo retains your data temporarily in the following scenarios:

  • In a staging area before uploading it to the Destination: The data is stored encrypted and is deleted permanently within 24 hours of being uploaded to the Destination.

  • Failed Events in a Pipeline: The data is stored encrypted and is retained for 30 days until it is replayed or skipped from your Pipelines.

  • Samples for Transformations: Hevo retains a few Events ingested from your Source as sample data to allow you to test your Transformation code in Hevo’s Transformation UI. All the sample Events are stored in encrypted form. At regular intervals, Hevo deletes the sample Events that are more than a week old and retains only a few latest Events.

The keys used to encrypt your at-rest data are encrypted and stored securely. To further enhance security, the encrypted keys are rotated on a regular basis, which means that Hevo generates new keys to re-encrypt your data after a fixed time interval and the old keys are retired. This helps in:

  • Limiting the amount of data encrypted using the same key version.

  • Minimizing the amount of data being potentially vulnerable in case a key is compromised.

  • Ensuring system resilience in case of adversity to protect its critical capabilities from disruption.

Besides the above-mentioned scenarios, Hevo does not retain any of your data.


Revision History

Refer to the following table for the list of key updates made to this page:

Date Release Description of Change
Oct-25-2022 NA Updated section, Retention and Encryption of Data at Rest to add information about when Hevo deletes the sample Events.
Aug-24-2022 NA Updated the page overview to add information about the encryption algorithm used in Hevo.
Feb-07-2022 NA Updated section, Retention and Encryption of Data at Rest to add information about customer key encryption and rotation.
Dec-20-2021 NA Updated section, Retention and Encryption of Data at Rest to add information about customer key encryption and rotation.

Tell us what went wrong