Data security policies
Certifications and Assessments
see6 is not itself ISO 27001 or SOC certified; however, the cloud provider that hosts see6 is. Details follow below.
see6 production services run on Firebase (“Firebase”), part of Google Cloud Platform, and the physical servers are located in Google’s secure data centers. From Google’s documentation: “All Firebase services have successfully completed the ISO 27001 and SOC 1, SOC 2, and SOC 3 evaluation process, and some have also completed the ISO 27017 and ISO 27018 certification process.” Full details are available here, and further information on how Google controls, secures and complies can be found here.
Where is my data hosted?
see6 user content is stored on Google’s Firebase platform in the US. User content also exists in see6 backups, which are stored in Google Cloud Storage. Further details of where Google stores data can be found here, and the Google Firebase data processing terms can be found here. We do not currently offer customers the option of hosting see6 on a private server or otherwise running see6 on separate infrastructure.
Separate and distinct production, staging, and development environments are maintained, and production data is not replicated outside the restricted production environments. Only authorized and trained members of the see6 support team who have undergone background checks can administer the see6 production environments, and they can authenticate only with unique strong passwords and TOTP-based 2FA. Customer data is never replicated onto employee workstations or mobile devices.
SAML 2.0 SSO is supported and can be configured for see6 Enterprise customers. All customers can enable 2FA on their accounts or sign in with Google OAuth. When SSO or OAuth is used to access see6, see6 inherits the login security settings of the user’s IdP or Google account.
If logging in directly to see6 with an email and password, see6 requires a password of at least 8 characters. Repeated failed login attempts trigger a 30-second lock before the user can retry. Passwords are stored only in hashed form and are never sent via email: on account creation and on password reset, see6 sends a link to the email address associated with the account, and that link allows the user to set a new password.
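The login rules above (8-character minimum, a 30-second lock after repeated failures, hashed storage, and a single-use reset link instead of an emailed password) can be modelled in a few dozen lines. The following is an added example written for this page, not see6 code: the failure count that triggers the lock, the reset-link lifetime and the scrypt parameters are assumptions, since the page does not state them.

```python
import hashlib
import hmac
import os
import secrets
from typing import Optional

MIN_PASSWORD_LENGTH = 8      # from the page
LOCK_SECONDS = 30            # from the page
FAILURES_BEFORE_LOCK = 5     # assumption: the page does not give the count
RESET_TOKEN_TTL = 3600       # assumption: reset links expire after one hour
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)   # assumption: KDF work factor


def hash_password(password: str, salt: Optional[bytes] = None) -> bytes:
    """Enforce the minimum length, then store salt || scrypt(password)."""
    if len(password) < MIN_PASSWORD_LENGTH:
        raise ValueError("password must be at least %d characters" % MIN_PASSWORD_LENGTH)
    salt = salt or os.urandom(16)
    return salt + hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)


def verify_password(password: str, stored: bytes) -> bool:
    """Constant-time comparison against the stored salt || digest."""
    salt, digest = stored[:16], stored[16:]
    candidate = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return hmac.compare_digest(candidate, digest)


class Account:
    """Email/password login state for one user (in-memory stand-in for a DB row)."""

    def __init__(self, email: str, password: str) -> None:
        self.email = email
        self.password_hash = hash_password(password)
        self.failures = 0
        self.locked_until = 0.0
        self.reset_token_hash: Optional[bytes] = None
        self.reset_expires = 0.0

    def login(self, password: str, now: float) -> str:
        """Return 'ok', 'locked' or 'bad_password'. `now` is passed in so the
        lock window can be tested without sleeping."""
        if now < self.locked_until:
            return "locked"           # even a correct password is refused while locked
        if verify_password(password, self.password_hash):
            self.failures = 0
            return "ok"
        self.failures += 1
        if self.failures >= FAILURES_BEFORE_LOCK:
            self.locked_until = now + LOCK_SECONDS
            self.failures = 0
        return "bad_password"

    def issue_reset_token(self, now: float) -> str:
        """The token goes into the emailed link; only its hash is stored, so a
        database read does not yield usable reset links."""
        token = secrets.token_urlsafe(32)
        self.reset_token_hash = hashlib.sha256(token.encode()).digest()
        self.reset_expires = now + RESET_TOKEN_TTL
        return token

    def redeem_reset_token(self, token: str, new_password: str, now: float) -> bool:
        """Single-use, time-limited: a redeemed or expired link is rejected."""
        if self.reset_token_hash is None or now > self.reset_expires:
            return False
        presented = hashlib.sha256(token.encode()).digest()
        if not hmac.compare_digest(presented, self.reset_token_hash):
            return False
        self.password_hash = hash_password(new_password)   # raises if too short
        self.reset_token_hash = None
        self.failures, self.locked_until = 0, 0.0
        return True
```

The lock is enforced before the password is checked, so an attacker learns nothing about the password during the lock window, and the reset token is compared by hash in constant time so a leaked table of pending resets cannot be turned into working links.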
Password complexity and session length requirements cannot be customized within the app; for an SSO-enforced team they can be set in the IdP.
All customer data is considered highly sensitive and is protected on a least-privilege basis. Only authorized and trained members of the see6 team have direct access to production systems and user data, and they may view it only in aggregate or for troubleshooting. see6 employees view individual user data for troubleshooting only when the account owner or an administrator has expressly given consent in advance.
We maintain a list of the members of the see6 team with access to the production environment. These members undergo criminal background checks and are approved by the Directors. A second list covers the roles with access to source code and to the development and staging environments. Both lists are reviewed quarterly and on role change.
Trained members of the see6 customer support team have case-specific, limited access to user data through restricted customer support tools. They cannot review user-generated content without an express, revocable grant of permission: when a see6 user submits a support ticket, they can authorize the customer support team to view their data, the support team can access the account only after an organization admin has granted that authorization, and the grant can be revoked at any time. On role change, departure, or prior to dismissal, an employee’s production credentials are deactivated and their sessions are forcibly logged out; all of their other accounts are then removed or have their credentials changed.
Third Party Access
In very limited cases, select customer data is shared with third-party service providers acting as our agents (for example, a user’s email address with an email delivery provider), and only in strict compliance with signed service agreements.
Customer data is never replicated outside the production environment and never onto employee workstations, so see6 relies on Google for physical security compliance. see6 production services are hosted on Google’s Firebase platform; details of the physical security of Google’s servers can be found here.
Corporate Environment and Removable Media
Only authorized employees have access to production environments. Production customer data is never stored on employee workstations or removable media. Employee devices must lock after at most ten minutes of inactivity.
see6 uses industry-standard Transport Layer Security (“TLS”), with 128-bit Advanced Encryption Standard (“AES”) encryption, for every connection. There is no non-TLS option for connecting to see6: all connections are made over HTTPS.
We rely on Google Cloud Platform’s default encryption at rest. From Google: “Data stored in Google Cloud Platform is encrypted at the storage level using either AES256 or AES128.” Full details can be found here.
Encryption on Mobile Devices
Not applicable for now, as see6 does not currently have active native mobile apps.
Encryption keys are accessed and managed by authorised personnel through Google as required.
Removing/Deleting Data from see6
Production customer data is never replicated outside the production cloud environments and is never stored on employee workstations or removable media. On termination of a see6 Enterprise contract, and at the customer’s request, the Enterprise team’s data is completely removed from the live production database, and all file attachments uploaded directly to see6 are removed, within 30 days. The team’s data remains in encrypted see6 database backups until those backups fall out of the 90-day backup retention window and are destroyed in accordance with the see6 data retention policy. If a database restore is necessary within 90 days of a requested deletion, the see6 operations team re-deletes the data as soon as reasonably possible after the live production system is fully restored.
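The last sentence describes a real operational hazard: a restore from backup silently resurrects data that was deleted after the backup was taken. The usual mitigation is a deletion ledger kept outside the database, so that a restore can be followed by re-applying every outstanding deletion. The code below is an added illustration of that pattern, not see6’s implementation; the store, ledger and sample teams are constructed for the example, and the one-day margin on ledger expiry is an assumption.

```python
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Set, Tuple

DELETION_SLA = timedelta(days=30)        # from the page: removed within 30 days
BACKUP_RETENTION = timedelta(days=90)    # from the page: backups destroyed after 90 days


def utc_day(n: int) -> datetime:
    """Day n of a constructed timeline starting 2024-01-01 UTC."""
    return datetime(2024, 1, 1, tzinfo=timezone.utc) + timedelta(days=n)


class ProductionStore:
    """In-memory stand-in for the live database and its attachment bucket."""

    def __init__(self) -> None:
        self.rows: Dict[str, Set[str]] = {}          # team_id -> row ids
        self.attachments: Dict[str, Set[str]] = {}   # team_id -> object names

    def snapshot(self) -> "ProductionStore":
        """What a backup captures: a point-in-time copy of everything."""
        copy = ProductionStore()
        copy.rows = {team: set(ids) for team, ids in self.rows.items()}
        copy.attachments = {team: set(objs) for team, objs in self.attachments.items()}
        return copy

    def has_team(self, team_id: str) -> bool:
        return team_id in self.rows or team_id in self.attachments

    def purge_team(self, team_id: str) -> None:
        self.rows.pop(team_id, None)
        self.attachments.pop(team_id, None)


def example_store() -> ProductionStore:
    """Constructed sample data: two Enterprise teams, one with an attachment."""
    store = ProductionStore()
    store.rows = {"acme": {"row-1", "row-2"}, "globex": {"row-3"}}
    store.attachments = {"acme": {"attachments/acme/report.pdf"}}
    return store


class DeletionLedger:
    """Append-only record of deletion requests, kept outside the database so a
    restore from backup cannot bring the requests themselves back."""

    def __init__(self) -> None:
        self.requested_at: Dict[str, datetime] = {}

    def record(self, team_id: str, when: datetime) -> None:
        self.requested_at.setdefault(team_id, when)

    def expire(self, now: datetime) -> List[str]:
        """Drop entries no surviving backup can contain: the last backup taken
        before the request is destroyed BACKUP_RETENTION after it. One extra
        day of margin covers backup timing (assumption)."""
        dropped = [team for team, at in self.requested_at.items()
                   if now - at > BACKUP_RETENTION + timedelta(days=1)]
        for team in dropped:
            del self.requested_at[team]
        return sorted(dropped)


def delete_team(store: ProductionStore, ledger: DeletionLedger,
                team_id: str, now: datetime) -> None:
    """Ledger first, then purge: if the purge fails half-way, the ledger
    still carries the obligation."""
    ledger.record(team_id, now)
    store.purge_team(team_id)


def restore_from_backup(backup: ProductionStore,
                        ledger: DeletionLedger) -> Tuple[ProductionStore, List[str]]:
    """Restore a snapshot and immediately re-apply every outstanding deletion."""
    live = backup.snapshot()
    re_deleted = sorted(team for team in ledger.requested_at if live.has_team(team))
    for team in re_deleted:
        live.purge_team(team)
    return live, re_deleted


def overdue_deletions(store: ProductionStore, ledger: DeletionLedger,
                      now: datetime) -> List[str]:
    """Teams still present in production more than DELETION_SLA after the request."""
    return sorted(team for team, at in ledger.requested_at.items()
                  if store.has_team(team) and now - at > DELETION_SLA)
```

Writing the ledger entry before purging is the important ordering: the ledger is the source of truth for what must be gone, and the restore path consults it rather than relying on anyone remembering which deletions fell inside the 90-day window.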
Development, Patch and Configuration Management
All changes to the production system, whether code or configuration, require review before deployment to production. Thousands of automated unit tests run against all production code before deployment, supplemented by regularly conducted automated vulnerability scans and commissioned penetration tests. All changes are tested in a staging environment before deployment to production. Patches to the web client are deployed on a rolling basis, usually several times per week. Production servers are managed through a centralized configuration system. All system changes are peer reviewed, and patches are deployed according to their security and stability impact, with critical patches deployable well within 24 hours of availability.
see6 restricts access and maintains separate lists of relevant roles with access to source code, development, staging, and production environments. These lists are reviewed quarterly and on role change. We use source code management tools and repositories.
A full list of the open-source libraries used in see6 is available on request.
Although some assets are not owned by a specific individual, responsibility for the confidentiality, integrity, and availability of our systems is distributed across the R&D and Support teams. Assets are transferred on role change or when an employee leaves the company.
Data Within see6
On account creation, see6 users are asked for a full name and email address; neither is verified. see6 makes no assumptions about the types of data a customer may choose to store in the service. see6 is a visual discovery and collaboration tool that supports organizing data into groups, themes, questions and insights, and can include attachments, but what is stored is up to the customer.
see6 validates uploaded files for well-formedness, but the product is explicitly designed to accept any type of content users choose to store in the service.
User Team Management and Access
Admins for an Enterprise account will be set via your account manager.
It is not possible to limit the geolocations from which data in see6 can be accessed: users with access to data within the app can reach it from any location. All access to user data goes through the API, which enforces strict authorization checks.
Integrations cannot be restricted within a group. Integrations that connect see6 to other services (such as Facebook Workplace or Slack) require authentication with an existing account in that service before the integration becomes active. In a corporate environment, the domain used to authenticate that account can be blocked at your environment’s firewall.
Backup, Business Continuity, and Disaster Recovery Policy
Data, including attachments, entered into see6 is backed up regularly. All backups are encrypted and stored with Google Cloud Storage.
Files associated with see6 comments from a supported cloud storage provider (via integration) are subject to the storage provider’s own backup procedures and policies and are not included in the see6 backup procedures.
All backups are encrypted immediately with 256-bit AES and stored in Google Cloud Storage. Backups can be decrypted only by members of the see6 support team who have been trained and authorized to do so.
A replica of the see6 primary database is taken once every 24 hours and retained in Google Cloud Storage.
Only authorized members of the see6 support team have access to the backup locations, so that they can monitor the backup processes and perform a restore in the unlikely event one becomes necessary. After 90 days, the encrypted backup files are destroyed.
see6 data is available for export on a case-by-case basis: an authorized organization admin should contact firstname.lastname@example.org or submit a support ticket to start the process.
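Two of the commitments above are checkable from a bucket listing alone: that a backup lands every 24 hours, and that nothing older than 90 days survives. The audit below is an added example for this page and not see6 tooling; the object naming scheme, the two-hour scheduling tolerance and the sample listing are all constructed for the illustration.

```python
import re
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

BACKUP_INTERVAL = timedelta(hours=24)   # from the page
RETENTION = timedelta(days=90)          # from the page
JITTER = timedelta(hours=2)             # assumption: tolerated scheduling slack

# Assumed object naming scheme for this example; the real layout is not on the page.
NAME_RE = re.compile(r"^db-backup-(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})Z\.enc$")


def utc(year: int, month: int, day: int, hour: int = 0) -> datetime:
    return datetime(year, month, day, hour, tzinfo=timezone.utc)


def backup_time(name: str) -> Optional[datetime]:
    """Timestamp encoded in the object name, or None for non-backup objects."""
    m = NAME_RE.match(name)
    if not m:
        return None
    return datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def audit_backups(names: List[str], now: datetime) -> Dict[str, object]:
    """Return the objects past retention, the cadence gaps, whether the
    newest backup is stale, and any objects that do not look like backups."""
    stamped: List[Tuple[datetime, str]] = []
    unrecognized: List[str] = []
    for name in names:
        t = backup_time(name)
        if t is None:
            unrecognized.append(name)
        else:
            stamped.append((t, name))
    stamped.sort()
    expire = [name for t, name in stamped if now - t >= RETENTION]
    gaps = [(a, b) for (ta, a), (tb, b) in zip(stamped, stamped[1:])
            if tb - ta > BACKUP_INTERVAL + JITTER]
    stale = not stamped or now - stamped[-1][0] > BACKUP_INTERVAL + JITTER
    return {"expire": expire, "gaps": gaps, "stale": stale, "unrecognized": unrecognized}


def constructed_listing() -> List[str]:
    """Constructed bucket listing: one backup per day at 07:00 UTC from
    2024-01-01 to 2024-04-04, with 2024-04-03 missing, plus a stray object."""
    names: List[str] = []
    day = utc(2024, 1, 1, 7)
    while day <= utc(2024, 4, 4, 7):
        if not (day.month == 4 and day.day == 3):
            names.append(day.strftime("db-backup-%Y-%m-%dT%H:%M:%SZ.enc"))
        day += timedelta(days=1)
    names.append("README.txt")
    return names
```

Run against the constructed listing at 2024-04-05 08:00 UTC, the audit reports the six January objects that are 90 days old or more, the single missed day, no staleness (the newest backup is 25 hours old, inside the tolerance) and the stray README. The unrecognized list matters in practice: an object that the expiry rule cannot date is an object that will never be destroyed.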
Business Continuity & Disaster Recovery
see6 relies on the significant measures that our cloud providers have in place for business continuity. From Google: “Google replicates data over multiple systems to help to protect against accidental destruction or loss. Google has designed and regularly plans and tests its business continuity planning/disaster recovery programs.”
Anti-virus and anti-malware
see6 runs a centrally managed anti-virus solution and ensures that all employees’ computers are kept up to date.
Many see6 employees work remotely. Customer data is never replicated outside the production environment, which is hosted on Google’s secure servers.
Authorized and trained members of the see6 R&D and Support teams who have undergone background checks authenticate to the production environment with unique strong passwords and TOTP-based 2FA.
The corporate network is granted no additional access to the production environment; access is the same from any network.
Security Awareness and Confidentiality
Security awareness and customer data access policies are covered during employee onboarding as appropriate to the role and employees are updated as relevant policies or practices change. Employees also sign a Confidential Information and Inventions Agreement.
In the event that a security policy is breached by an employee, see6 reserves the right to determine the appropriate response, which may include termination.
All employees undergo an extensive interview process before hiring. Employees with direct access to the production environment undergo a criminal background check; other employees may undergo checks depending on their role (academic checks for legal roles, credit checks for finance, and so on). Appropriate NDAs are in place with third parties.
Employees are required to enable 2FA wherever it is available and to use a password manager with random, strong passwords. Authorized employees access the production environment by authenticating with unique strong passwords and TOTP-based 2FA.
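TOTP-based 2FA, required for production access here and in the earlier sections on environment access, is RFC 6238 time-based one-time passwords built on RFC 4226 HOTP. The verifier below is an added example written for this page, not see6’s code: it implements the standard algorithm with the RFC test secret, and the one-step drift window and the replay rule (never accept a counter at or below the last one accepted) are the design choices a production verifier needs but the page does not spell out.

```python
import base64
import hashlib
import hmac
import struct
from typing import Optional

STEP = 30        # RFC 6238 default time step in seconds
DIGITS = 6
WINDOW = 1       # assumption: accept one step of clock drift either way

# RFC 4226 / RFC 6238 test secret ("12345678901234567890") in base32, as a
# provisioning URI or QR code would carry it.
TEST_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def secret_from_base32(encoded: str) -> bytes:
    """Decode a base32 secret, restoring the padding many authenticator apps omit."""
    padded = encoded.strip().upper() + "=" * (-len(encoded) % 8)
    return base64.b32decode(padded)


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226: dynamic truncation of HMAC-SHA1(secret, counter)."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10**digits).zfill(digits)


def totp(secret: bytes, now: float, step: int = STEP) -> str:
    """RFC 6238: HOTP with the counter derived from Unix time."""
    return hotp(secret, int(now) // step)


class TotpVerifier:
    """Checks a submitted code with a drift window and rejects replays."""

    def __init__(self, secret: bytes, window: int = WINDOW) -> None:
        self.secret = secret
        self.window = window
        self.last_counter: Optional[int] = None   # highest counter accepted so far

    def verify(self, code: str, now: float) -> bool:
        counter = int(now) // STEP
        for c in range(counter - self.window, counter + self.window + 1):
            if hmac.compare_digest(hotp(self.secret, c), code):
                if self.last_counter is not None and c <= self.last_counter:
                    return False   # this code, or an older one, was already used
                self.last_counter = c
                return True
        return False
```

The replay check is what turns a correct algorithm into a safe second factor: without it, a code captured by a phishing page or shoulder-surfed remains valid for the rest of its 30-second step plus the drift window.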
When planned maintenance on see6 services is necessary, the see6 support team performs the work during one of two scheduled weekly maintenance windows. We make reasonable efforts to announce maintenance that could affect see6 users at least 24 hours before the event, and via an in-app announcement at least 30 minutes before it.
Planned Maintenance Windows
Wednesday from 07:00 AM to 08:00 AM GMT.
Friday from 07:00 AM to 08:00 AM GMT.
These windows have been selected with the goal of minimizing service downtime, slowness, or other impact to the people and businesses that rely on see6.
We do our best to keep outages as short as possible, and we regularly evaluate the maintenance schedule to keep user impact as low as reasonably possible. Should these windows need to be rescheduled, the updated schedule will be announced with reasonable advance notice.
Due to unforeseen events, we may occasionally have to perform unplanned maintenance on see6 infrastructure or software components, which might make some or all see6 services inaccessible for a period of time. Our goal is to do this as rarely as possible. Unplanned or emergency maintenance will be announced with as much advance notice as is reasonably possible, and, as with planned maintenance, we do our best to minimize the disruption caused by service outages.