Stella Connect takes security seriously. We consider it in the product design, in the development process, and in our technical architecture. The entire company knows its role in protecting the privacy of our clients’ customers.
Stella Connect is SOC 2 Type 1 certified by an external auditor. This covers a range of controls around Security and Confidentiality and is one of the premier security and privacy compliance certifications.
To ensure the privacy of your information, all data is transferred between user devices and Stella Connect servers using encrypted connections via TLS 1.2. Stella Connect also employs encryption at rest (AES-256) to protect the secrecy of all data persisted by the application. The cryptographic keys used to secure Stella Connect are protected by Amazon’s Key Management Services. All end customer PII is encrypted at a field level with client-specific keys.
We are neither an analytics nor an advertising company, and we have never been in the business of selling consumer data. We take privacy and security into account during every step of our development process, and we had to make no technical changes to our platform to become GDPR compliant. We introduced the required policies and procedures to help our clients remain in compliance while using our platform.
We are hosted on AWS, which provides robust physical data center security and environmental controls. Additionally, we follow AWS’s best practices for maintaining security under their Shared Responsibility model, and we use an external security auditor to confirm the use of cloud infrastructure best practices.
We use OAuth2 to securely authenticate access to our application.
We enable encryption of sensitive data both at rest and in transit over public networks.
We don't mine or access your data for advertising purposes.
We only use customer data to provide the service; we don’t look into your account without your permission.
We regularly back up your data and provide a maximum 24-hour RTO and RPO.
Your data 100% belongs to you. We only hold the data necessary to perform the services that our clients request.
We host your data in its own secure and encrypted database, with additional encryption on a field level.
We allow you to turn privacy-impacting features on and off to meet your needs.