Who hosts WisePops’ servers?
Our main servers are hosted by OVH, in France.
These servers are persistent (contrary to ephemeral servers, they are physical servers), and store all data collected by the popups (emails, names, etc.)
The machines in charge of handling popups on customers’ websites are hosted by Amazon Web Services, in North Virginia, Frankfurt and Singapore. They are both scalable and ephemeral instances. They collect, transform, and send data to the main servers on OVH.
The tunnel between AWS & OVH is SSL encrypted (SHA-512) for maximum security.
Both providers meet the highest security and data protection standards.
OVH data protection policy is available here.
AWS’ data protection policy is accessible here.
What safeguards are in place to prevent unauthorized access to data?
To prevent direct access to our database, we put in place the following restrictions:
- Only WisePops lead developers have access to the servers.
- SSH is the only way to access our servers. There’s no FTP, our database is not opened to external connections and we don’t use tools like PhpMyAdmin, etc.
- Our servers are physically secured
To protect your account, we also took the following measures:
- The access to WisePops.com is protected by two technologies provided by Cloudflare: WAF & IP reputation firewall.
- Accounts are protected against brute-force attacks with the Fail2ban solution.
- Our own application forces the use of HTTPS.
What safeguards are in place to prevent Data Loss and Corruption?
Your data is backed up every day. Each backup is stored for 1 year on a dedicated server off-site.
We also create a backup each month which we store forever.
As part of our disaster recovery plan, we also back up all the calls to the machines handling popups on our customers’ websites on an AWS private S3 bucket.
What personal data do we store about you?
All the personal details we collect (email, password, name, etc.) about you are listed in your account configuration page. For security reasons, we also collect your IP address, login dates and user agent and store them for one year. These details are stored on our main servers in Gravelines (France).
We share some of your personal details (email, website, name and login) with Segment, Mixpanel and Intercom for internal use. We remain the only users and owners of this data.