Customer Data Retention and Encryption
On This Page
Hevo follows strict policies regarding the security and removal retention of your data. Although, Hevo temporarily retains your data in some scenarios, as mentioned in Retention and Encryption of Data at Rest, it is always encrypted using the AES algorithm and removed from our systems using a set of procedures.
Database and API Credentials
The database and API credentials that you provide to us while connecting to Sources and Destinations are encrypted with a key specific to you and cannot be accessed by anyone apart from the application itself.
Connections with Sources and Destinations
Hevo allows you to connect with Sources and Destinations through SSH Tunnel wherever applicable.
Connections to SaaS Sources are encrypted through HTTPS.
Encryption on Data in Transit
Hevo Pipelines use Kafka as a medium to move data across stages.
Communication within the Kafka nodes is always encrypted.
Our Kafka producers and Consumers connect with Kafka over SSL.
Retention and Encryption of Data at Rest
Hevo retains your data temporarily for the following scenarios:
In a staging area before uploading it to the Destination: The data is stored encrypted and is deleted permanently within 24 hours of being uploaded to the Destination.
Failed Events in a Pipeline: The data is stored encrypted and is retained for 30 days until it is Replayed or Skipped from your Pipelines.
Samples for Transformations: Hevo retains a few sample Events to be used for testing the transformation code in Hevo’s Transformation UI. All these Events are stored encrypted and cleared at regular intervals as new sample Events arrive.
The keys used to encrypt your at-rest data are encrypted and stored securely. To further enhance security, the encrypted keys are rotated on a regular basis, which means that Hevo generates new keys to re-encrypt your data after a fixed time interval and the old keys are retired. This helps in:
Limiting the amount of data encrypted using the same key version.
Minimizing the amount of data being potentially vulnerable in case a key is compromised.
Ensuring system resilience in case of adversity to protect its critical capabilities from disruption.
Besides the above-mentioned scenarios, Hevo does not retain any of your data.
Refer to the following table for the list of key updates made to this page:
|Date||Release||Description of Change|
|Aug-24-2022||NA||Updated the page overview to add information about the encryption algorithm used in Hevo.|
|Feb-07-2022||NA||Updated section, Retention and Encryption of Data at Rest to add information about customer key encryption and rotation.|
|Dec-20-2021||NA||Updated section, Retention and Encryption of Data at Rest to add information about customer key encryption and rotation.|