In recent years online communities have skyrocketed as organizations understand the immense value a community can bring to their business.
When creating an online community, online safety must not be overlooked.
Protecting member data and making sure the information you possess is treated appropriately are significant components for building a safe and secure online space – a space where trust can grow and members feel comfortable to participate.
You need to ensure that your technology partners provide the same level of security to protect your community and its data as you do – if not more.
This article will take a closer look at some of the most common questions we are asked concerning protecting and storing data at Hivebrite.
Where is Data Stored?
Hivebrite hosts all data in Google Cloud and Amazon Web Services.
How is Data Protected?
Security Certifications
Our hosting companies follow international security standards and maintain compliance certifications such as:
- SOC 1/2/3
- ISO 27001
Vulnerability Scanning
Third-parties perform quarterly internal and external vulnerability scans to scan our infrastructure and application against the OWASP top 10 security risks.
We also employ a third-party tool to scan our network and application internally on a continuous basis.
Third-party penetration testing
A penetration test, also known as a pen test, is a simulated cyberattack against a computer system to check for exploitable vulnerabilities.
We perform internal and external penetration tests at least annually.
Additional penetration tests are performed whenever a significant change is made to our infrastructure.
Information Security Officer
Our Information Security Officer ensures we are up to date with the latest strategies and processes to secure your data's privacy, availability, and integrity. We also have an Information Security Policy in place for all employees.
"At Hivebrite, security and data privacy are always top of mind when designing our product, managing our networks, and conducting daily business operations. We combine enterprise-grade security features with comprehensive audits to protect your data," Jean-François Filippi, Information Security Officer. |
Payments
The Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that handle branded credit cards from the major card schemes.
Hivebrite is PCI DSS certified to ensure we process payments on the platform according to the best security standards.
GDPR
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area. The purpose of the GDPR is to provide a set of standardized data protection laws across all the member countries.
We apply GDPR to all personal data.
We have a Data Processing Agreement and features to ensure that communities can be transparent with their members regarding their privacy.
Our Information Security Officer continuously ensures our practices and products respect GDPR to the best of our ability.
Data Encryption
When your data is encrypted, even if an unauthorized person or entity gains access to it, they will not be able to read it.
At Hivebrite, all customer data is encrypted at rest by GCP using the AES-256 cipher. All data sent to or from Hivebrite is encrypted in transit safe cipher suites. Our API and application endpoints are TLS only, starting with version 1.2 with secure ciphers.
Who Owns the Data?
All data is owned by the community (not Hivebrite). You can request to have your data deleted at any time.
For more comprehensive information on Hivebrite, data, and security, don't hesitate to get in touch with the Privacy Team at privacy@hivebrite.com
Hivebrite is an all-in-one community engagement platform. It empowers organizations of all sizes and sectors to launch, manage, and grow fully branded private communities. Schedule a demo today!