Propel’s GDPR compliance
The General Data Protection Regulation (GDPR) is a regulation that provides greater protection for the privacy and personal data of individuals within the European Union (EU).
Encryption at rest
At Propel, all data is stored with disk-level encryption. Disk level encryption is a method of data security that protects data at rest, or data that is stored on a hard disk or other storage device. This works by encrypting all stored data on the disk, using a strong encryption algorithm.
With disk-level encryption, even if an unauthorized person gains access to the physical hard drive, they would be unable to read the data because it is encrypted. This provides an additional layer of security beyond traditional access controls such as passwords or user permissions.
Encryption in transit
Encryption in transit focuses on protecting data while it is transmitted between devices or systems. This is crucial for maintaining the confidentiality and integrity of data as it travels across networks, including the Internet. All requests into or out of our Virtual Private Cloud use Transport Layer Security.
A Data Processing Addendum (often abbreviated to a DPA or a GDPR data processing agreement) is a key component of GDPR compliance. It’s a legal document that specifies how personal data is used in relation to conducting our business. To view our full Data Processing Addendum, click here.
Isolating your customer’s data with tenant ID
Taking data security a step further, we’ve spent a lot of time thinking about how our customers secure their data when providing access for their customers. Propel Data Pools are a high-speed data store and cache optimized for serving data with low latency that can be used in both a multi-tenant and a Data Pool-per-customer configuration in order to main isolation between customers.
To enable multi-tenant support, Data Pools have an optional property called tenant ID. The tenant ID property identifies the table column that contains your end customer's unique identifier. By setting a tenant ID value to your end customer’s unique identifier during OAuth authentication, you can restrict a customer to accessing only their data. You can learn more about the authentication flow in our docs.
Deleting your data
A key component of GDPR compliance is the ability to automatically remove data at any time. To support this, we’ve released the Deletion Job API. This functionality allows you to delete data using our powerful GraphQL query syntax. Customers can specify a particular Data Pool to delete data from and then specify the data to delete using filters. This gives our customers full control over the timely removal of data.
To get started with Propel, you can sign up here. If you’d like to learn more about Propel or any of the security and privacy features of the platform, we’d love to speak with you; click here to book a demo today!