Security
Effective date: January 29th, 2025
Data center
Datarag is hosted on render.com, a PaaS owned by Render Services, Inc. Our data centers operate on the Europe (Frankfurt) region of Amazon Web Services, being accredited under ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate and Sarbanes-Oxley (SOX).
Learn more about Render's security here.
Data encryption,
in transit and at rest
All internal or external service communications are encrypted via SSL using TLS1.2+ protocols. Data is encrypted at rest with AES-256, block-level storage encryption.
Data sharing
Data sharing occurs when integrations are enabled. Datarag may retrieve user account details (name, email and avatar), only when a user is using the integration. No Datarag data is shared with the integrations, unless for updating data on the integration's side.
Data retention
Application data is retained until the termination of the account. When a Datarag user account is deleted, no data is retained. Server logs are retained for 7 days, with all personal data anonymized before storage. Audit logs, used for storing application actions, are retained for a year, with all personal data anonymized before storage.
User authentication
Users are authenticated through Google social login, or by using passwordless email authentication. No passwords are stored on our servers. In the case of passwordless authentication, the user is sent an one-off expiring token to the provided email address, that can be used over a very limited amount of time in order to enter the platform.
Confidentiality
All employees are restricted by regulations to maintain confidentiality. Access to data is restricted, unless required in order to provide technical support.
Incident management
In the unfortunate event of security breach or unauthorized access to user data, the company will inform you within 72 hours, in compliance with GDPR.
Payments
All payments are processed by our subscription partner Paddle. No credit card information is stored on our servers.