Your site and visitor data are safe with BidGemmer. There are a number of steps we take to ensure you are the only person who can access your site data and that your visitors' privacy is respected.
Data storage
Visitor and usage data that BidGemmer collects through its software is stored in Ireland, European Union (EU), on Amazon Web Services infrastructure in the eu-west-1 data centers. Our application and database servers run inside an Amazon Virtual Private Cloud (VPC). Access to the VPC is limited to BidGemmer team members on a need-to-know basis. Data stores within the VPC are not directly exposed to the internet. Only systems with a direct technical need are exposed (e.g. frontend web servers, load balancers, and other systems that directly serve customer traffic).
For exception-based logging, BidGemmer has designated sub-processors which are based outside of the EU. BidGemmer uses these designated sub-processors to provide reliable service to its users for infrastructure and application monitoring. The data they process is used solely by BidGemmer's engineering team to operate and improve the software's reliability. It is not queried or used for any other purposes.
Visitor privacy
- Site visitors are assigned a unique user identifier (UUID) so that BidGemmer can keep track of returning visitors without relying on any personal information, such as the IP address.
- IP addresses of visitors are always suppressed before being stored using BidGemmer's core feature set. We set the last octet of IPv4 addresses to 0 (all connections to BidGemmer are made via IPv4) to ensure the full IP address is never written to disk. For example, if a visitor's IP address is 1.2.3.4, it will be stored as 1.2.3.0. The first three octets of the IP address are only used to determine the geographic location of the visitor.
- In all cases, the data is suppressed client-side (in the visitor's browser), which means it never reaches our servers.
Data collection and transmission
- Firewalls are in place, exposing only the necessary ports to the internet and between different servers. Intrusion protection system (IPS) software is in place as a second layer of security, which will block access as soon as any suspicious login activity is detected.
- BidGemmer transmits data from the visitor's browser to our system using HTTPS.
- The protocols and cipher suites used to encrypt data in transit are listed at the end of this article.
Data access and authentication
Access is given only to BidGemmer engineers who require it to perform their job efficiently. Different engineers are given different access rights on different system components, depending on what their job requires. Engineers who do have access have their own credentials, and these are valid only when used from specific IPs. SSH key-based authentication is used for server access.
Data collected through BidGemmer is exclusively reserved for use by our users and customers. BidGemmer does not make use of the data collected in any form or way unless consent is officially given by an admin of the BidGemmer account, clearly outlining what the data will be used for.
Data access and backup
At BidGemmer we use database replication to keep your data safe in the case of system failure. Full database backups are taken every day, stored on Amazon Cloud Storage (AWS S3), and kept for four days as an electronic copy. If two or more database nodes failed concurrently, we would have to revert to a backup.
Compliance and Certifications
BidGemmer's client data resides on Amazon Web Services (AWS). Certifications and audit reports for AWS are:
- ISO-27001 Certification for AWS: https://aws.amazon.com/compliance/iso-27001-faqs/
- SOC2 third-party audit reports for AWS: https://aws.amazon.com/compliance/soc-faqs/
BidGemmer Architecture & Security
Data in transit is encrypted using the following protocols and ciphers:
SSL Protocols
TLSv1.2
SSL Ciphers
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
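
As an aid to reading the list above, this added example (not BidGemmer's code) splits each suite name into its key exchange, cipher and record-integrity parts and reports which suites use ephemeral ECDHE key exchange (forward secrecy) and which use an AEAD mode (GCM). The function names `describe` and `summarize` are illustrative, and the parser assumes only the name shapes that appear in this article.

```python
import re

# Suite names copied from the list in this article.
SUITES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_CBC_SHA256",
    "TLS_RSA_WITH_AES_256_CBC_SHA256",
]

# Covers only the name shapes that appear in the list above.
_NAME = re.compile(
    r"^TLS_(?P<kx>ECDHE_RSA|RSA)_WITH_AES_(?P<bits>128|256)_"
    r"(?P<mode>GCM|CBC)_(?P<hash>SHA256|SHA384)$"
)

def describe(name):
    """Split one TLS 1.2 suite name into its negotiated components."""
    m = _NAME.match(name)
    if m is None:
        raise ValueError(f"unrecognised suite name: {name!r}")
    ephemeral = m["kx"] == "ECDHE_RSA"
    aead = m["mode"] == "GCM"
    return {
        "name": name,
        # ECDHE_RSA: ephemeral ECDH signed by the RSA certificate key.
        # RSA: the client encrypts the premaster secret to that same key.
        "key_exchange": "ECDHE" if ephemeral else "RSA key transport",
        "cipher": f"AES-{m['bits']}-{m['mode']}",
        # GCM authenticates records itself; CBC suites add an HMAC with this hash.
        "record_mac": "AEAD" if aead else f"HMAC-{m['hash']}",
        "forward_secrecy": ephemeral,
        "aead": aead,
    }

def summarize(names):
    """Group suite names by forward secrecy and AEAD support."""
    rows = [describe(n) for n in names]
    return {
        "forward_secrecy": [r["name"] for r in rows if r["forward_secrecy"]],
        "aead": [r["name"] for r in rows if r["aead"]],
        "both": [r["name"] for r in rows if r["forward_secrecy"] and r["aead"]],
    }

if __name__ == "__main__":
    for row in map(describe, SUITES):
        print(row)
```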