Who hosts WisePops’ servers?
Our application (https://app.wisepops.com) is hosted by Google Cloud, in the USA. It contains your account information and popups configurations & statistics. All the data is encrypted in transit and at rest.
The data collected within your popups (eg. visitors' emails) is also stored and processed by Google Cloud. This is a serverless infrastructure, that makes the connections with external services, such as Mailchimp.
The machines in charge of handling popups on customers’ websites are hosted by Amazon Web Services, in North Virginia, Frankfurt and Singapore. They are both scalable and ephemeral instances. They are in charge of resolving your popups' scenarios and enriching the collected data before forwarding it to Google Cloud.
All connections between our servers are SSL encrypted for maximum security (RSA 2048 + PCKS8).
These two providers meet the highest security and data protection standards:
Which domains are involved when using WisePops on your website?
It is useful to know which WisePops' domains are requested from your website, to define your Content-Security-Policy (CSP). Here is a complete list of the involved domains:
What safeguards are in place to prevent unauthorized access to data?
To prevent direct access to our database, we put in place the following restrictions:
- Only our lead developers have access to the production servers.
- SSH (with private key or gcloud utiliy) is the only way to access our servers. There’s no FTP, our database is not opened to external connections and we don’t use tools like PhpMyAdmin, etc.
- Our servers are behind a firewall.
- Our servers are physically secured.
To protect your account, we also took the following measures:
- The access to Wisepops.com is protected by two technologies provided by Cloudflare: WAF & IP reputation firewall.
- Accounts are protected against brute-force attacks with the Fail2ban solution.
- Our own application forces the use of HTTPS.
What safeguards are in place to prevent Data Loss and Corruption?
Your data is backed up every day, and stored for 7 days.
As part of our disaster recovery plan, we also back up all the calls to the machines handling popups on our customers’ websites on an AWS private S3 bucket.
What personal data do we store about you?
All the personal details we collect (email, password, name, etc.) about you are listed in your account configuration page. For security reasons, we also collect your IP address, login dates and user agent and store them for one month. These details are stored by Google Cloud Logging.
We share some of your personal details (email, website, name and login) with Segment, Mixpanel and Intercom for internal use. We remain the only users and owners of this data.