Security


Millions of users trust Stella Connect to keep data secure and private, and for good reason. Here is a quick look at our approach to security. For more detail, or to read the whitepapers on our certifications, contact us.

Secure by Design

Stella Connect takes security seriously. We consider it in the product design, in the development process, and in our technical architecture. The entire company knows its role in protecting the privacy of our clients’ customers.

AICPA SOC 2 Attestation

Stella Connect holds a SOC 2 Type 1 report issued by an external auditor. It covers controls under the Security and Confidentiality trust services criteria. A Type 1 report attests that those controls were suitably designed and in place as of the audit date, and SOC 2 is one of the most widely recognised security and privacy compliance attestations.

Privacy Ensured

To protect your information in transit, all data between user devices and Stella Connect servers is sent over TLS 1.2 encrypted connections. Data at rest is encrypted with AES-256, covering everything the application persists. The cryptographic keys are protected by AWS Key Management Service (KMS), and all end-customer PII is additionally encrypted at the field level with client-specific keys.
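The field-level, client-specific key scheme described above, as an added example written for this page (it is not Stella Connect's code): envelope encryption in Go, where each client gets its own AES-256 data-encryption key (DEK) that is stored only in wrapped form, and every PII field is encrypted with AES-256-GCM under that client's DEK. The local masterKey, the Tenant type and the field names are assumptions; in production the master key stays inside KMS and the wrap/unwrap steps are KMS calls (AWS KMS GenerateDataKey and Decrypt) rather than local operations.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// masterKey is a constructed stand-in for the KMS-protected master key.
// Assumption: in production this key never leaves KMS and the wrap/unwrap
// below are KMS API calls rather than local AES-GCM operations.
var masterKey = sha256.Sum256([]byte("example-master-key-not-for-production"))

// sealed is an AES-256-GCM ciphertext plus its nonce: the value that gets persisted.
type sealed struct{ Nonce, Ciphertext []byte }

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // a 32-byte key selects AES-256
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts plaintext under key with a fresh random 96-bit nonce. aad is
// authenticated but not encrypted; it binds the ciphertext to its context.
func seal(key, plaintext, aad []byte) (sealed, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return sealed{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return sealed{}, err
	}
	return sealed{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, aad)}, nil
}

// open decrypts and verifies; it fails if key, nonce, ciphertext or aad differ.
func open(key []byte, s sealed, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, s.Nonce, s.Ciphertext, aad)
}

// Tenant (hypothetical) holds one client's DEK, stored only in wrapped form.
type Tenant struct {
	ID         string
	WrappedDEK sealed
}

// NewTenant generates a random AES-256 DEK and wraps it under the master key.
func NewTenant(id string) (*Tenant, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	w, err := seal(masterKey[:], dek, []byte("tenant:"+id))
	if err != nil {
		return nil, err
	}
	return &Tenant{ID: id, WrappedDEK: w}, nil
}

func (t *Tenant) unwrapDEK() ([]byte, error) {
	return open(masterKey[:], t.WrappedDEK, []byte("tenant:"+t.ID))
}

// EncryptField encrypts one PII value. Tenant ID and field name form the AAD,
// so a ciphertext copied to another tenant or another column will not decrypt.
func (t *Tenant) EncryptField(field, value string) (sealed, error) {
	dek, err := t.unwrapDEK()
	if err != nil {
		return sealed{}, err
	}
	return seal(dek, []byte(value), []byte(t.ID+"/"+field))
}

// DecryptField reverses EncryptField for the same tenant and field.
func (t *Tenant) DecryptField(field string, s sealed) (string, error) {
	dek, err := t.unwrapDEK()
	if err != nil {
		return "", err
	}
	pt, err := open(dek, s, []byte(t.ID+"/"+field))
	return string(pt), err
}

func main() {
	acme, _ := NewTenant("acme")
	globex, _ := NewTenant("globex")
	ct, _ := acme.EncryptField("email", "alice@example.com") // constructed sample PII
	v, err := acme.DecryptField("email", ct)
	fmt.Println("same tenant, same field:", v, err)
	_, err = globex.DecryptField("email", ct)
	fmt.Println("other tenant's key:", err)
	_, err = acme.DecryptField("phone", ct)
	fmt.Println("same key, other field:", err)
}
```

The two failure cases in main are the point of per-client keys plus AAD: a row copied between tenants, or a ciphertext moved between columns, is rejected at decrypt time rather than silently disclosed. Key rotation (re-wrapping each tenant's DEK under a new master key without touching the field ciphertexts) is the operational benefit of the wrapped-DEK layout and is not shown here.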

Stella Connect and GDPR: Privacy by Design

We are neither an analytics company nor an advertising company, and we have never been in the business of selling consumer data. Privacy and security are considered at every step of our development process, and no technical changes to the platform were needed to become GDPR compliant. We introduced the required policies and procedures to help our clients remain compliant while using the platform.

Physical Security

We are hosted on AWS, which provides robust physical data-center security and environmental controls. We follow AWS best practices for our side of the Shared Responsibility Model, and an external security auditor confirms that our use of the cloud infrastructure follows those practices.

And other important best practices:

  • SSO via SAML integration

    Single sign-on is available through SAML integration; access to the application is also secured using OAuth2.

  • Encryption

    We enable encryption of sensitive data both at rest and in transit over public networks.

  • Data Usage

    We don't mine or access your data for advertising purposes.

  • Data Privacy

    We only use customer data to provide the service; we don’t look into your account without your permission.

  • Data Recovery

    We regularly back up your data and provide a recovery time objective (RTO) and recovery point objective (RPO) of at most 24 hours.

  • Data Ownership

    Your data 100% belongs to you. We only hold the data necessary to perform the services that our clients request.

  • Database Security

    Each client's data is hosted in its own encrypted database, with additional field-level encryption on top.

  • Privacy & Safety Features

    We allow you to turn on and off privacy impacting features to meet your needs.

Interested in learning more? Speak to a member of our team.