We use Amazon Web Services (AWS) for our production servers and databases. AWS takes security seriously - almost as seriously as we do.
Amazon employs cutting-edge data security measures, as well as physical access restrictions at server locations. We also use Hetzner Online GmbH for the login site to be compliant with the GDPR.
We don’t claim to be SOC compliant, but our datacenter providers are (AWS/Hetzner). Customers interested in SOC reports concerning the cloud infrastructure providers utilized by our services can obtain the reports directly from the respective providers.
We follow the principles and standards set out by the PCI Standards Council for storing and handling credit card information. More information is available here.
Customers acknowledge that Convert Insights Inc. is not a Business Associate or subcontractor (as those terms are defined in HIPAA) and that the Convert Insights Inc. Services are not HIPAA compliant. “HIPAA” means the Health Insurance Portability and Accountability Act and related amendments and regulations as updated or replaced. “Regulated Data” includes HIPAA-regulated data and data covered under the Gramm-Leach-Bliley Act (or related rules or regulations) as updated or replaced.
We aren’t ISO 27001 compliant, but our datacenter provider is (AWS). Customers interested in the ISO 27001 report concerning the cloud infrastructure provider utilized by our services can obtain the report directly from the respective provider.
We understand that you rely on the Convert Experiences application to improve your website and your business. We're committed to making Convert a highly available application that you can count on (see Convert's uptime monitoring page).
Our infrastructure runs on systems that are fault tolerant for failures of individual servers or even entire data centers. Our operations team tests disaster-recovery measures regularly and staffs an around-the-clock on-call team to quickly resolve unexpected incidents.
All of our production infrastructure is built with redundancies in place, in highly-available configurations spread over two different availability zones in the eu-west-1 AWS region.
In the event of a security breach, we will promptly notify you of any unauthorized access to your Customer Data. We have incident management policies and procedures in place to handle such an event.
We engage independent entities to conduct regular application-level and infrastructure-level penetration tests.
Results of these tests are shared with the Convert Management team. Our Security Team reviews and prioritizes the reported findings and tracks them to resolution. Customers wishing to conduct their own penetration test of the Convert application may request to do so and should contact their account manager to obtain permission from both Convert and Convert’s hosting provider.
The OWASP Top-10 covers the most critical Web application security risks.
We are interested in actual security, so if someone reports what we feel are both:
We look kindly on the heads up, and might even send across a thank-you bonus!
All employees are required to read and sign our comprehensive information security policy covering the security, availability, and confidentiality of the Convert Experiences services.
We employ dedicated legal and compliance professionals with extensive expertise in data privacy and security.
These professionals are embedded in the development lifecycle and review products and features for compliance with applicable legal and regulatory requirements.
We also have a business code of conduct that makes legal, ethical and socially responsible choices and actions fundamental to our values and standards for meeting those goals.