Who hosts WisePops’ servers?

Our application servers are hosted by OVH, in France.

These servers are persistent (contrary to ephemeral servers, they are physical servers), and run our application website. It contains your account information and popups configurations & statistics.

The data collected within your popups (eg. visitors' emails) is stored and processed by Google Cloud. This is a serverless infrastructure, that makes the connections with external services, such as Mailchimp.

The machines in charge of handling popups on customers’ websites are hosted by Amazon Web Services, in North Virginia, Frankfurt and Singapore. They are both scalable and ephemeral instances. They are in charge of resolving your popups' scenarios, and enriching the collected data before forwarding it to Google Cloud.

All connections between our servers are SSL encrypted for maximum security.

The three providers meet the highest security and data protection standards:

Which domains are involved when using WisePops on your website?

It is useful to know which WisePops' domains are requested from your website, to define your Content-Security-Policy. Here is a complete list of the involved domains:

  • app.wisepops.com
  • cdn.wisepops.com - might be used in the future
  • loader.wisepops.com
  • popup.wisepops.com
  • tracking.wisepops.com

What safeguards are in place to prevent unauthorized access to data?

To prevent direct access to our database, we put in place the following restrictions:

  • Only our lead developers have access to the production servers.
  • SSH with private key is the only way to access our servers. There’s no FTP, our database is not opened to external connections and we don’t use tools like PhpMyAdmin, etc.
  • Our servers are behind a firewall.
  • Our servers are physically secured.

To protect your account, we also took the following measures:

  • The access to Wisepops.com is protected by two technologies provided by Cloudflare: WAF & IP reputation firewall.
  • Accounts are protected against brute-force attacks with the Fail2ban solution.
  • Our own application forces the use of HTTPS.

What safeguards are in place to prevent Data Loss and Corruption?

Your data is backed up every day. Each backup is stored for 1 year on a dedicated server off-site.

We also create a backup each month which we store forever.

As part of our disaster recovery plan, we also back up all the calls to the machines handling popups on our customers’ websites on an AWS private S3 bucket.

What personal data do we store about you?

All the personal details we collect (email, password, name, etc.) about you are listed in your account configuration page. For security reasons, we also collect your IP address, login dates and user agent and store them for one year. These details are stored on our main servers in Gravelines (France).

We share some of your personal details (email, website, name and login) with Segment, Mixpanel and Intercom for internal use. We remain the only users and owners of this data.

Did this answer your question?