Last updated: March 29, 2018
ConvertAPI is committed to providing a highly secure and reliable integration service using proven, tested, best-in-class technologies, practices and procedures.
- Network (network segregation, firewalls, proxy servers and filtering)
- Host (server hardening, patch management, vulnerability management)
- Application (role-based access control, strong authentication, audit logging)
- Data (encryption, integrity monitoring, malware protection)
- Physical (ISO-certified, SOC2 audited data centers)
Native Security Functions
- Authentication through configurable policies for strong passwords as well as support for single sign-on via SAML 2.0.
- Access Control via role-based permissions that can be set to individual’s need to know.
- Encryption, both in transit and at rest. All access to ConvertAPI SaaS instances is encrypted via "high" security ciphers and the TLS protocol. The option to encrypt data stored in customer database instance using 256bit AES encryption protocol.
- Audit Logging and Monitoring. Audit logging is enabled for sensitive events and entities by default such as logins, admin activity, user, role, permission, etc. Configurable for other entities.
- High Availability with redundant systems and an uptime service level promise of 99,5%. Two live copies of databases store data in separate data centers, with automated failover. More than five conversion cloud servers are running in each region to utilize hight load and prevent downtime. Automatic vertical cloud servers scaling are performed on hight load.
- Single-tenant architecture. A private conversion cloud server, dedicated to your company. IP white-listing available to restrict access to the application.
- World-class data centers. ConvertAPI solution is hosted by IBM Data Centers(SoftLayer) in the Americas, Europe and the Asia Pacific regions in accordance and compliance with the highest security standards and information storage policies.
Your Privacy Respected
- Choice of data center location. ConvertAPI instances are hosted by IBM Data Centers(SoftLayer) in the Americas (USA, Mexico, Brazil), Europe (Netherlands) and Asia Pacific (Singapore, Australia) regions and can be accessed depending on customer preference.
- In memory file conversion.Submitted data and the generated files are kept only for the time necessary to efficiently process your requests. The ConvertAPI conversion cloud servers are kept in memory only and data is wiped off after every conversion.
- Compliance with Data Protection Regulations. ConvertAPI supports its customers’ compliance with European and North American data privacy regulations via selective data location and data protection agreements.
- GDPR-ready. ConvertAPI perceives this regulation as an important step forward in enhancing individuals’ data privacy and streamlining data protection laws across the EU. ConvertAPI is committed to compliance with the GDPR across its cloud services when enforcement begins on May 25, 2018.
- Full data ownership. Customer data is owned by the customer and can be removed by the customer at any time.
- No data retention beyond contracted service. Upon termination of the contract, all customer data deleted securely from ConvertAPI systems.
- No Advertising. We do not scan your data for building analytics, data-mining or advertising.