Technical & Organizational measures
This document describes all measures and efforts taken by Sentiance to ensure the security and quality of the data it processes via its Sentiance Ambient Intelligence Platform, such as the type of device, operating system, type of mobile browser, use of a specific application, real-time location based on information provided by the device operating system, accelerometer data, gyroscope data, and (for certain device makes and types and to the extent permission is granted) step detection and count, Bluetooth information and battery information (collectively the ‘Data’).
By applying the following measures, Sentiance prevents the entrance of non-authorized persons to data-processing installations in which Data are processed or used:
Data is collected and processed by Sentiance on two locations:
- For development and testing purposes in the Sentiance headquarters in Antwerp, Belgium, as well as in secured offshore development hubs contractually controlled by Sentiance. All facilities are duly secured by key locks and alarm systems.
- For testing, staging and production purposes on the Amazon Web Services (AWS) cloud computing platform in the Ireland region (eu-west-1): “Physical access is controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems and other electronic means. All entrances to AWS data centers, including the main entrance, the loading dock, and any roof doors/hatches, are secured with intrusion detection devices that sound alarms and create an alarm in AWS centralized physical security monitoring too if a door is forced open or held open. In addition to electronic mechanisms, AWS data centers utilize trained security guards 24×7, who are stationed in and around the building. All alarms are investigated by a security guard with root cause documented for all incidents. All alarms are set to auto-escalate if response does not occur within SLA time. Physical access points to server locations are recorded by closed circuit television camera (CCTV) as defined in the AWS Data Center Physical Security Policy. Images are retained for 90 days, unless limited to 30 days by legal or contractual obligations. AWS Physical Security Mechanisms are reviewed by independent external auditors during audits for our SOC, PCI DSS, ISO 27001 and FedRAMPsm compliance.”
By applying the following measures, Sentiance prevents the utilization of data-processing systems by non-authorized persons:
Sentiance employs two types of data-processing systems:
- Laptops as local workstations: Every software developer is assigned a laptop which is used to develop data processing systems. Every laptop is fitted with a personal password-protected user account for the software developer.
- Cloud Computing Platform operated by Amazon: Access to the AWS console is managed by personal password-protected user accounts managed through the AWS Identity and Access Management (IAM) service. Credentials for programmatic access (access key ID and secret access key) to data processing systems are attached to the personal IAM user accounts and can be revoked at any time.
By applying the following measures, Sentiance ensures that persons authorized to use a data-processing system will only have access to those data that they have been authorized for and that, neither during the processing nor after storage, Data can be read, copied, altered or removed without a respective authorization:
Sentiance employees, i.e. software developers, who are authorized to use data processing systems are provided with a personal AWS user account and credentials. Specific accounts are in place to restrict access to Data depending on the job content and contribution to the Sentiance Platform.
By applying the following measures, Sentiance ensures that Data cannot be read, copied, altered or removed during electronic data transmission without authorization and that it is possible to check and determine at which points a transmission of personal data by means of data transmission installations is intended:
Sentiance uses a TLS connection for all data transmission in and out of the Sentiance API on AWS. The connection uses TLS 1.2, is encrypted and authenticated using AES_128_GCM, and uses ECDHE_RSA as the key exchange mechanism.
By applying the following measures, Sentiance ensures that it is possible to check and determine subsequently whether and by whom Data have been entered into data-processing systems, altered or removed:
Sentiance employs the AWS CloudTrail service to log and monitor any modification to its AWS account.
By applying the following measures, Sentiance ensures that Data subject to job processing are processed in strict accordance with the instructions given by the principal:
Access to Data and servers on AWS is granted via an encrypted connection, and all access is logged and can be traced by Sentiance’s technical team. Specific accounts are in place to restrict access to Data.
By applying the following measures, Sentiance ensures that Data are protected against accidental destruction or loss:
Personal data arriving at the Sentiance Platform is consolidated as-is into a Master Dataset, which can be interpreted as an append-only log of events. This Master Dataset is stored on a Hadoop Distributed File System (HDFS) on Elastic Compute Cloud (EC2) nodes in the AWS cloud computing environment. Data is stored on this HDFS instance with a replication factor of 3, so that the simultaneous catastrophic loss of two nodes does not cause data loss.
Furthermore, every couple of hours a backup of the Master Dataset is created on S3. Backups stay available on S3 for two weeks.
Additionally, all raw events (i.e. before consolidation into the Master Dataset) received by the Sentiance Platform are backed up to S3 indefinitely. From these raw events, the Master Dataset can be recreated at any time.
Separation by Purpose
By applying the following measures, Sentiance ensures that data collected for different purposes can be processed separately:
Every integration of the Sentiance SDK into a mobile app, i.e. each specific purpose, is required to be provisioned with new app-specific credentials, i.e. an app ID and key, even if it concerns different apps of the same client.
The Sentiance SDK automatically creates a new user account and ID on first use within an app and associates the app-specific token with it.
Data is stored for processing in an append-only log partitioned by app.
During processing, data is only aggregated by user and by app.
Other Kinds of Control
All employees and consultants working for Sentiance are subject to individual confidentiality agreements.
Last updated: Friday, March 25 2016