To ensure that customer data is safe and always protected on Wingify servers, we implement stringent security measures and access policies, including data encryption, unauthorized access restriction, and anonymization options:
- Pseudonymization: Pseudonymization protects your data by replacing personally identifiable information fields with one or more artificial identifiers, or pseudonyms. For example, the name “Clyde” can be stored under a pseudonym like “qOerd.” The visitor UUID is stored only after pseudonymization by using a one-way hash.
- Anonymization: Anonymization hides the identity of individuals and any data that can be used to identify them, such as names, email addresses, passwords, and IP addresses. For example, by default, Wingify anonymizes the last octet of IPv4 addresses or the last 5 segments of IPv6 addresses before storing them on Wingify servers. We also allow users to select and apply different anonymization formats.
- Application Security: The Wingify development team is trained on OWASP Secure Coding Practices and uses industry best practices for building secure applications.
- Code Repository: Wingify code is stored in a code repository system hosted by our cloud data center provider, Google Cloud Platform (GCP).
- Code Reviews: We have strict policies and least access privileges to code on our data centers. All commits, fixes, and updates to production code are strictly reviewed and approved by the VP-Engineering and Associate-Directors, only after these pass Unit Testing and QA in local and test environments.
- Access Privileges: The data stored on production servers is accessible only to the Head of Engineering and lead engineers. No other member of Wingify has access to customer data unless specific access permission is granted by the Chief Executive Officer, SVP-Engineering, and VP-Engineering for resolving any technical issue or for debugging purposes.
- Data Backup: Wingify takes an hourly backup of the database at our cloud data centers.
- Encryption: All data reaching Wingify servers from recordings, survey responses, or the custom dimension is encrypted by using the industry-standard AES-256 encryption algorithm.
- Secure Connections: Wingify is connected to the web over HTTPS by using TLS 1.2 and above, a cryptographic protocol designed to protect against eavesdropping, tampering, and message forgery.
- Application Access Policy:
  - To ensure appropriate access rights, we apply role-based and least-privilege access policies when creating accounts, adding users, or giving access rights.
  - You can restrict specific IP addresses from accessing a Wingify account.
  - Email alerts and notifications can be configured to report every activity taking place in a customer’s account.
  - Users can sign out from all of their signed-in sessions.
  - Users can be disabled or deleted at any time.
  - A user is automatically logged off if the user changes the password or if the user profile is disabled or deleted.
- Operational Security:
  - All Wingify employees must undergo mandatory training in data protection and security.
  - Wingify is committed to implementing industry best practices and security standards across policies, procedures, technology, and people on an ongoing basis.
  - Wingify is certified to the ISO 27001:2022 (ISMS), ISO 27017 Cloud Security, ISO 27018 Cloud Privacy and ISO 27701:2019 (PIMS) standards.
- Multi-Tenancy: All Wingify customer data is hosted on our cloud data centers and is segregated logically by the Wingify application.
- Network Security: Wingify is hosted on secure servers managed by GCP. Physical access to the GCP data centers is restricted for everyone. Firewalls are configured by using industry best practices, and all unnecessary ports are blocked. Internally, Wingify uses VLAN for private networking, so the data flow is secure from public networks.
- Product Security and Privacy: Wingify has introduced different setting configurations to make sure that personal data is anonymized before storing it on Wingify servers. All data passing through Wingify servers is encrypted or hidden to ensure visitor privacy. To learn about different privacy settings and how to configure data security, click here.
- Data Breach Response: In the event of a breach in data security, Wingify will promptly notify you within forty-eight hours after the breach is detected. We have incident management policies and procedures to handle any such events or emergencies.
- Disaster Recovery: Wingify maintains a robust Disaster Recovery (DR) framework to ensure business continuity and protection of customer data. We perform hourly and daily backups, while storing backup copies in multi-regional sites within the same geography as the client’s selected data center. Wingify conducts disaster recovery drills at least once every year to validate preparedness. These drills test recovery time objectives (RTO) and recovery point objectives (RPO) to ensure rapid restoration of services and minimal data loss in the event of a disruption.
- Session Management: Every time a Wingify user signs in to the Wingify account, the system assigns a new session identifier for the user. The session identifier is a randomly generated 64-byte value, which protects the account against brute force attacks. All sessions time out after 7 days, requiring the users to sign in to their account again, and the currently active sessions are set to time out after 4 hours of inactivity. For optimal performance, you can configure all sessions to terminate after 15 minutes of inactivity.
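
The session rules above (a fresh 64-byte identifier per sign-in, a 7-day absolute limit, a configurable inactivity limit, and sign-out of all sessions) can be sketched as follows. This is an added example, not Wingify's code: the `SessionStore` class, its method names, and the choice to keep only a SHA-256 digest of each identifier are assumptions.

```python
import hashlib
import secrets
import time

SESSION_ID_BYTES = 64              # identifier size stated above
ABSOLUTE_TIMEOUT = 7 * 24 * 3600   # every session ends after 7 days
IDLE_TIMEOUT = 4 * 3600            # default inactivity limit: 4 hours

class SessionStore:
    """In-memory session table (hypothetical; names are not the vendor's)."""

    def __init__(self, idle_timeout=IDLE_TIMEOUT, clock=time.time):
        self._idle = idle_timeout
        self._clock = clock            # injectable so timeouts can be tested
        self._sessions = {}            # sha256(session id) -> record

    @staticmethod
    def _key(session_id):
        # Assumption: store only a digest, so a leaked table yields no ids.
        return hashlib.sha256(session_id.encode()).hexdigest()

    def sign_in(self, user):
        """Issue a fresh identifier on every sign-in; never reuse one."""
        session_id = secrets.token_urlsafe(SESSION_ID_BYTES)
        now = self._clock()
        self._sessions[self._key(session_id)] = {
            "user": user, "created": now, "last_seen": now}
        return session_id

    def validate(self, session_id):
        """Return the user for a live session, else None (and forget it)."""
        key = self._key(session_id)
        rec = self._sessions.get(key)
        if rec is None:
            return None
        now = self._clock()
        if (now - rec["created"] >= ABSOLUTE_TIMEOUT
                or now - rec["last_seen"] >= self._idle):
            del self._sessions[key]
            return None
        rec["last_seen"] = now         # activity resets only the idle timer
        return rec["user"]

    def sign_out_everywhere(self, user):
        """Drop all of a user's sessions (password change, disable, delete)."""
        stale = [k for k, r in self._sessions.items() if r["user"] == user]
        for k in stale:
            del self._sessions[k]
        return len(stale)
```

Activity refreshes only the inactivity timer, so a session that is used continuously still ends at the 7-day mark.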
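
The default IP anonymization described in the Anonymization item (drop the last octet of an IPv4 address, or the last 5 segments of an IPv6 address) amounts to zeroing the low bits before storage. This is an added example, not Wingify's code: the function names are hypothetical, and treating an IPv4-mapped IPv6 address as IPv4 and dropping unparseable input are assumptions.

```python
import ipaddress

# Bits kept per address family, from the policy text: IPv4 drops the last
# octet (keep 24 of 32 bits); IPv6 drops the last 5 of its 8 sixteen-bit
# segments (keep 48 of 128 bits).
KEEP_BITS = {4: 24, 6: 48}


def anonymize_ip(raw):
    """Return the address with its low, host-identifying bits zeroed.

    Raises ValueError for anything that is not a bare IP address, so a
    malformed value is rejected instead of being stored unmasked.
    """
    addr = ipaddress.ip_address(raw.strip())
    # Assumption: an IPv4-mapped IPv6 address (::ffff:a.b.c.d) is masked as
    # IPv4; the IPv6 rule would zero the whole embedded address.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    keep = KEEP_BITS[addr.version]
    mask = ((1 << keep) - 1) << (addr.max_prefixlen - keep)
    # Rebuild with the same class: ip_address(int) would turn a small
    # IPv6 integer into an IPv4 address.
    return str(type(addr)(int(addr) & mask))


def anonymize_or_drop(raw):
    """Storage-side wrapper: never fall back to keeping the raw value."""
    try:
        return anonymize_ip(raw)
    except ValueError:
        return None


# Constructed sample input (documentation address ranges).
SAMPLE = ["203.0.113.77", "2001:db8:85a3:8d3:1319:8a2e:370:7348",
          "::ffff:198.51.100.23", "203.0.113.77:8080"]


def anonymize_sample():
    return [anonymize_or_drop(ip) for ip in SAMPLE]
```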