Updated: October, 26th 2020
The privacy of your data is very important to us. This document explains how your data is stored, where it is stored and whether it is stored securely.
Customer Data is stored and processed in the following data centers with appropriate physical, technological, and administrative controls enacted to ensure appropriate access of Customer Data.
|SteadFast Networks||Data Center Colocation||Chicago, IL, United States||Security and certifications|
|Microsoft Azure||Hosting, data and file storage||Netherlands, Europe||Security, Certifications|
|Twilio SendGrid||E-mail relay||West Europe||Security|
dbFLEX encrypts the data over the wire via 256-bit (SHA2) TLS certificate, TLS 1.0, 1.1 and 1.2. Database is encrypted via AES256. File attachments are also encrypted via AES256.
dbFLEX backs up the data on an hourly basis. Since the data in the database is encrypted, backups are encrypted as well. Backup files and server logs are copied to a secure disaster recovery facility where they are kept for 6 months before being permanently deleted. dbFLEX doesn't utilize any type of removable media for backup storage, all backup files are stored on secure servers.
A small team of operations personnel have administrative access to the infrastructure where dbFLEX is hosted. Additionally, dbFLEX developers occasionally require a read-only access to the database metadata to troubleshoot problems. dbFLEX support personnel does not have access to customer databases unless they are invited or authorized by a customer.
All dbFLEX employees sign confidentiality agreements before gaining access to the code and data. Everyone at dbFLEX is trained and made aware of security concerns and best practices for their systems. Remote access to servers is established via company VPN and limited to workers who need access for their day to day work. All access events are logged for all accounts by IP address.
Once dbFLEX becomes aware of any suspected or confirmed data breach, dbFLEX will notify all affected customers via e-mail within 72 hours.
When a user registers a new account with dbFLEX, the system asks for first and last name, e-mail address, password, locale and time zone information. Name helps to personalize your experience. E-mail address is used as a unique user identifier and for communication with the user. Locale and time zone information is used by the system to present numbers and dates in an appropriate format.
Due to various data integrity constraints user account cannot be deleted, but it can be cleared from any personally identifiable information upon request to respective dbFLEX administrator.
dbFLEX won't hand your data over to law enforcement unless requested by a court order. We will reject data requests from local and federal law enforcement without a court order. And, unless we're legally prevented from it, we'll always inform you when we receive such requests.
Customers are responsible for understanding and implementing their data retention and deletion requirements related to the data they uploaded to dbFLEX. Customers may delete their data at any time and primary instances of their data in production systems will be erased immediately, however, since dbFLEX backups are kept for 6 months, it may take up to 6 months for their data to be completely purged from dbFLEX backup systems after been deleted from their apps.
Deleted records are moved to database's Recycle Bin, kept there for 30 days and then purged automatically. Database administrator can purge records from Recycle Bin manually at any time.
A database is considered ‘expired' when either its trial period ends, or a database subscription is cancelled. dbFLEX blocks access to expired databases. Expired paid databases are securely kept in locked stage until being deleted by a database owner or administrator. Expired trial databases are deleted automatically within 90 days after expiration. Database administrators are provided with all the means to delete a database at any time, before or after its expiration.
Databases that are deleted by their owners or administrators will disappear from users' reach immediately and will be physically deleted from the global database within 30 days.
All types of data deleted from online databases (from individual records to whole databases) will reside in system backups for 6 months. It will not be restored back to production systems, except for in certain rare instances such as the need to recover from a natural disaster or serious security breach. In such cases, some of deleted data instances may be restored from backups, but dbFLEX will immediately take all necessary steps to honor the initial request to delete and erase the primary instance of the data again.
ForeSoft generates a strong and stable revenue, it doesn't rely on any financing and is 100% debt-free. dbFLEX commits to serve its customers for life of databases' subscriptions and the company will never cease the operations. Nevertheless, dbFLEX provides exporting tools to allow customers establishing regular data backups to keep data locally.
dbFLEX customers' database structure and workflow configuration is considered by dbFLEX as these customers' intellectual property. dbFLEX protects customers' intellectual property and never shares it with other customers.
ForeSoft Corporation is a privately-held Chicago-based company committed to building state-of-the-art web-based software products.
We've been in business since 2001 and earned the trust of many different companies around the world.
Our products serve the wide range of businesses, from small and medium sized companies to big corporations with different types of activity, revenue scale and development level.
ForeSoft provides integrated online solutions for the most effective organizing, storing, quick sharing and functionality of data.