Data Security

Guest Compass is committed to keeping any and all data we collect from clients safe and secure, following best-in-class industry standards and protocols. To reinforce this commitment, Guest Compass is certified by BDO in the key areas of software development. In addition, a yearly penetration test is undertaken.

Ensuring the security of your data is paramount – it stands as one of our primary obligations. With a dedicated focus on data protection, Guest Compass places utmost importance on it across product design, system architecture, and internal procedures. We are steadfast in our commitment to openly communicate our security measures, instilling confidence in our customers regarding the safety of their businesses and clientele.

People Security

All Guest Compass employees are required to understand and follow internal policies and standards. Security training is mandated as part of the onboarding process including device security, data privacy, account management, and incident reporting/escalation.

Application Security

Standard best practices are used throughout our software development cycle from design to implementation, testing, and deployment. All code is checked into a permanent version-controlled repository. All changes released into production are logged and archived, and alerts are sent to the engineering team automatically. Access to Guest Compass source code repositories requires strong credentials and two-factor authentication.

Members of the Guest Compass team have substantial experience working with and building secure technology systems. We leverage industry best practices to prevent Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Clickjacking and other code injection attacks that result from malicious content executing in the trusted web page context.

Guest Compass requires users to create strong passwords. We use secure one-way hashes and other best practices to prevent brute force attacks. We encrypt data in transit and at rest.
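To make the password-storage practice above concrete, here is an added example (not Guest Compass's own code, and the parameters are assumptions) of the two pieces a service needs: a minimal strength check at registration, and salted, iterated one-way hashing with a constant-time comparison at login. Per-user random salts defeat precomputed tables, the iteration count makes each guess expensive for an attacker who obtains the stored hashes, and `hmac.compare_digest` avoids leaking information through comparison timing.

```python
import base64
import hashlib
import hmac
import os
from typing import Optional

# Example policy values; these are assumptions for illustration, not the vendor's settings.
ITERATIONS = 600_000        # PBKDF2 work factor; raise over time as hardware gets faster
SALT_BYTES = 16             # 128-bit random salt per stored password
MIN_PASSWORD_LENGTH = 12
ALGORITHM = "pbkdf2_sha256"


def password_is_strong(password: str) -> bool:
    """Minimal strength policy: minimum length and at least three character classes."""
    if len(password) < MIN_PASSWORD_LENGTH:
        return False
    classes = (
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    )
    return sum(classes) >= 3


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algorithm$iterations$salt$digest (all base64 where binary).

    The salt is random per call, so hashing the same password twice yields different records.
    """
    salt = salt if salt is not None else os.urandom(SALT_BYTES)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return "$".join(
        [
            ALGORITHM,
            str(ITERATIONS),
            base64.b64encode(salt).decode("ascii"),
            base64.b64encode(digest).decode("ascii"),
        ]
    )


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and iteration count, then compare in constant time.

    Malformed or unknown records verify as False rather than raising, so a corrupted
    row cannot turn into an authentication bypass or an unhandled error on the login path.
    """
    try:
        algorithm, iterations, salt_b64, digest_b64 = stored.split("$")
        salt = base64.b64decode(salt_b64, validate=True)
        expected = base64.b64decode(digest_b64, validate=True)
        iterations = int(iterations)
    except (ValueError, TypeError):
        return False
    if algorithm != ALGORITHM or iterations <= 0:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample input for a stand-alone run.
    record = hash_password("Correct-Horse-Battery-9")
    print(record)
    print("login ok:", verify_password("Correct-Horse-Battery-9", record))
    print("wrong password:", verify_password("password123", record))
```

The record embeds the iteration count so the work factor can be raised later without invalidating existing users: on a successful login with an old record, the service simply rehashes with the current `ITERATIONS` and stores the new record.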

Data Center & Network Security

Guest Compass leverages Amazon AWS data centers for all production systems and customer data. Amazon AWS data centers meet the highest standards for cloud security. Amazon AWS data center facilities maintain redundant power supplies and a strict physical security policy, permitting access only by authorized employees, under surveillance, with incident-specific approval for each physical access.

Guest Compass divides its systems into separate networks using logically isolated Virtual Private Clouds in Amazon AWS data centres. This setup protects sensitive data by providing isolation between machines in different trust zones. Systems supporting testing and development activities are hosted in a separate network from systems supporting Guest Compass’s production website. Customer data only exists and is only permitted to exist in Guest Compass’s production network, its most tightly controlled network. Network access to Guest Compass’s production environment from open, public networks (the Internet) is significantly restricted. Only network protocols essential for making Guest Compass’s service work are open at Guest Compass’s perimeter. All network access between production hosts is restricted using security groups to only allow authorized services to interact in the production network. Our infrastructure and applications are monitored using standard health checks and log watchers. This helps detect systems that are malfunctioning as well as potential intrusions. Our on-call engineering team is responsible for investigating and addressing issues as they emerge.

Servers deployed to production are hardened by disabling unnecessary and potentially insecure services, removing default passwords, and applying Guest Compass’s custom configuration settings before use.

All Production Network systems, networked devices, and circuits are constantly monitored by both Guest Compass staff and automated incident detection systems. Infrastructure errors are monitored by Google and alert our engineering team.

Data Security

To protect data in transit between Guest Compass’s applications and our servers, Guest Compass uses TLS during data transfer, creating a secure tunnel protected by 256-bit or higher Advanced Encryption Standard (AES) encryption. TLS is further used to encrypt the traffic between Guest Compass servers and Guest Compass databases within the same datacenter. In our web application, we flag all authentication cookies as Secure. All data at rest in Guest Compass’s production network is encrypted using 256-bit Advanced Encryption Standard (AES).

Guest Compass does not use conversational data for any purposes other than providing services to our customers. Users can further revoke access from Guest Compass at any time and request all their data in Guest Compass to be deleted.

No customer data persists on Guest Compass employee laptops. We apply the principle of least privilege in all operations to ensure the confidentiality and integrity of customer data. All access to systems and customer data within the production network is limited to those employees with a specific business need. A best effort is made to troubleshoot issues without accessing customer data; however, if such access is necessary, all actions taken by the authorized employee are logged. Upon termination of work at Guest Compass, all access to Guest Compass systems is immediately revoked.

Third-Party Integrations

Guest Compass vets all third-party integration services and configures them to meet or exceed our own security standards. Guest Compass provides secure access via our API and customer-controlled API keys.

Compliance

As a data processor, we aim to help our customers easily meet all requirements posed by their own regulatory and customer environments. For customers facing GDPR, CCPA, or LGPD requests, we will promptly produce records of stored information and respond to requests for data deletion with minimum disruption to ongoing services.

Disaster Recovery and Business Continuity

Guest Compass customer data is backed up daily to guard against data loss scenarios. All backups are encrypted both in transit and at rest using strong industry encryption techniques. All backups are also geographically distributed to maintain redundancy in the event of a natural disaster or a location-specific failure. Guest Compass uses third-party monitoring services to track availability, with engineers on call to address any outages.

Additional Resources

For additional information, please view our privacy policy and terms of use.
