Security and data privacy
Actiknow Consulting Private Limited is committed to safeguarding the confidentiality, integrity, and availability of its data and information systems. At our company, safeguarding your data is a crucial obligation that we take extremely seriously. We strongly value transparency in our work, and this extends to our security practices as well. It’s important to us that our customers understand our approach and dedication to ensuring the security of their information.
We ensure that the information you load through our data integrations is not stored permanently, and it never enters any backup.
We cache the data temporarily to serve you efficiently, and it usually stays in short-lived encrypted caches.
During its transit between us and the data source or you, the data always undergoes strong encryption to maintain its security.
Protection of our customers data
Our system only stores customer processed data as cached data, which is regularly invalidated based on the data source’s design timeline. The duration of the cache can vary from a few minutes to longer periods, which we will inform you of and obtain your consent. However, since we solely rely on caching, none of your processed data is permanently stored in backups. In case the cache is removed, you can always retrieve fresh data from the data source directly.
To access data on your request or schedule, we keep your customer access tokens, which are encrypted and stored securely. Additionally, we may retain other data such as custom field metadata or account names and information, but only if required for the data source integration’s functionality.
Website, account management, and purchases
We prioritize the security of all connections to our services, including our web portal, account management system, and any transactions made through our platform. To ensure this, we employ industry-standard cryptographic protocols (TLS 1.2+) to encrypt all connections by default.
Furthermore, we have implemented a mechanism that redirects any attempts to connect over an unencrypted channel (HTTP) to an encrypted channel (HTTPS). This ensures that all data transmitted between you and our services remains secure and protected from unauthorized access.
Connectors
By default, all connections to customers’ data source APIs and systems, as well as connections to data destinations like Google Sheets, Microsoft Excel, or data warehouses, are encrypted using SSL.
In cases where we need to connect to a customer’s own database, we provide strong encryption options that are chosen by the customer.
Permissions
Data source permissions
To retrieve data from sources like Facebook Ads and Google Ads APIs, Actiknow mandates customers to grant read access. OAuth access tokens are used whenever possible to obtain this access. By doing so, customers authorize the data source service to grant Actiknow access to retrieve data. These tokens can be revoked through Actiknow login management or from the data source services.
Actiknow ensures that it only requires the minimum necessary permissions to read data. Your data will only be accessed based on your instructions through our tools or automated scheduling set up via Actiknow. If a data source grants more than read-only access, Actiknow will never make use of those additional permissions.
We highly value your tokens and encrypt them strongly. They are never shared or logged.
Data destination permissions
Actiknow will request specific permissions depending on the tools that you choose to use. For instance, if you opt for Google Sheets, we will only ask for permission to read and write to your spreadsheets. We always strive to request the minimum necessary permissions to provide you with our service. If the default permissions granted are greater than what we require, we will never utilize those permissions.
Furthermore, we offer various options for transferring data to your data destination. For instance, we offer tools that enable you to transfer data to your Google BigQuery, where you may need to grant us permissions to create schemas in your database. However, we also provide Google BigQuery Data Transfer Service Connectors, where you do not have to grant us such access. Kindly reach out to our sales team to discuss the best options for your organization and how we can be of assistance to you.
Solution infrastructure
As a “data privacy first” organization, we adhere to the highest standards of security and follow industry best practices to safeguard your data. This includes using customized and hardened server images, bastion hosts, multiple firewalls, and multi-factor authentication. We strictly enforce the principle of least privilege and continuously monitor and review our IAM policies and security roles.
To ensure the highest level of security, we conduct annual third-party security audits of our application and systems. You can obtain the reports of these tests from us under a non-disclosure agreement (NDA).
Physical and environmental safeguards
We process your data using top cloud providers, namely Google Cloud Platform and Amazon Web Services, both of which undergo frequent compliance and regulatory audits to ensure the security of their services.
Actiknow has implemented industry-standard physical security measures in its office facilities. This includes secure access control, burglar alarms, CCTV cameras, motion detectors, and other relevant security measures. In addition, all visitors are required to sign in at the reception upon arrival. These measures are designed to ensure the security of the premises and prevent unauthorized access to sensitive areas.
Company policies
Actiknow places a strong emphasis on security and requires all employees to comply with security policies to ensure customer information is kept safe. We provide security training to all employees immediately upon joining the company and conduct annual refresher training thereafter. To ensure secure access to systems, we require two-factor authentication, VPNs, and strong password controls for administrative access.
We regularly review our security policies and practices, including change management and peer review within our software development life cycle, to ensure we follow industry best practices.
Secure Development
We follow a robust development process where security is an integral part of the various development phases.
Before any changes to the production services, all contributors to the updated software version ensure that their changes are functioning correctly in the staging environment. Additionally, all changes to the source code that are intended for use in production are reviewed by qualified engineering peers, which includes analysis of security and performance.
Access Control
Access to Actiknow Consulting Private Limited’s information assets is granted based on the principle of least privilege. All access must be authorized by the CISO or a designated authority. Access privileges will be granted based on job responsibilities and requirements. All users must have unique user accounts and must use strong passwords that meet the company’s password policy requirements. Accounts must be disabled or removed when access is no longer required.
Network Security
Actiknow Consulting Private Limited’s network is secured against unauthorized access, unauthorized use, or disclosure of information. Access to the network must be authorized and monitored. All connections to the network are protected using VPN or other secure technologies. Wireless networks must be secured using encryption and authentication technologies.
Incident Response
All security incidents are reported to the CISO or designated authority. The incident response plan must be followed to mitigate the impact of the incident and to prevent it from happening in the future. The incident response team must be trained and prepared to respond to security incidents.
Third-Party Vendor Management
Actiknow Consulting Private Limited ensures that third-party vendors who access or use the company’s information assets comply with the company’s security policies and standards. Third-party vendors must be evaluated and selected based on their security posture, and their security controls must be audited periodically.
Compliance
Actiknow Consulting Private Limited complies with all applicable laws, regulations, and industry standards related to information security. The company also complies with contractual obligations related to information security.
Conclusion
Actiknow Consulting Private Limited’s security policy is designed to protect the confidentiality, integrity, and availability of the company’s information assets. All employees, contractors, and third-party vendors comply with the policy and help maintain the security of the company’s information assets.