Security, Encryption, Personal Data & Audit Trails
We use multiple layers of encryption and security to keep users’ personal data safe.
- We maintain an internal “risk and protection classification” for all the different pieces of data our platform collects. Each data point is classified based on its risk to the rights of the data subject if the data is stolen or leaked, and an appropriate data protection level is assigned to that data point.
- All internal transport routes (i.e., between servers and databases), are behind a private network, and communications are encrypted using either TLS or SSH.
- All storage media used to store data are encrypted at the block or volume level, where appropriate.
- Individual data fields in our database use an “envelope encryption” scheme with a unique key per data point, so that even if our database is breached, it is unlikely that an attacker will be able to decode the relevant data.
- Database backups are encrypted separately and stored off-site with a different key, so that a primary data center breach would not affect any offset database backups.
- Developers do not work with live data when building features for the platform.
Audit Trails
Most actions that users or administrators can take within the Tidal Labs platform are recorded and logged in an Audit Trail, also known as an “Interaction History”. The most useful and prominent place this can be seen is in our campaign management interface. Most of the time, users take action on behalf of their own accounts. However, sometimes brand managers need to intervene and take action on behalf of the user. The Interaction History therefore allows brand managers to see “who did what, when”.
Interaction history is also used as a security control. While this system is primarily used for actions taken on a piece of data, it is also used for access requests for users’ personal data. Therefore, any time the personal data of a user is requested, an entry is logged in the audit trail. This allows us to quickly and easily identify data leaks and other security issues.