About Tuvis Security
The Covered Services are designed and operated with architecture to segregate and restrict Customer Data access based on business needs. The architecture provides an effective logical data separation for different customers via customer-specific “Organization ID” and “User ID” and allows the use of customer and user role-based access privileges. Additional data segregation is ensured by providing separate environments for different functions, especially for testing and production. This specific infrastructure used to host our Customer Data (we do not store any of your customers’ data on our servers at any time) is described in the “Infrastructure and Subprocessors” documentation available here.
Control of Processing
Tuvis has implemented procedures designed to ensure that Customer Data is processed securely, throughout the entire chain of secured processing methods by Tuvis and its subprocessors. In particular, Tuvis and its affiliates have entered into written agreements with their subprocessors containing privacy, data protection, and data security obligations that provide a level of protection appropriate to their data processing. Compliance with such obligations as well as the technical and organizational data security measures implemented by Tuvis and its sub-processors are subject to regular audits. The “Infrastructure and Sub-processors” documentation describes the subprocessors and certain other entities’ material to Tuvis’ provision of the Covered Services.
Infrastructure and Subprocessors
Please note that some of the abovementioned Personal Data will be used for fraud detection and prevention, and for security purposes. The abovementioned. We may use Anonymous Information and/or disclose it to third parties without restrictions (for example, in order to improve our services and enhance your experience with them).
Security Policies and Procedures
- We do not store any passwords on our servers
- We do not store or log any API credentials or access tokens on our servers
- We do store user access log entries, including date, time, user ID, URL executed, or entity
- We do store ID operated on, the operation performed, and source IP address.
- If there is suspicion of inappropriate access, Tuvis can provide customers log entry records and/or analysis of such records to assist in forensic analysis when available.
- Incident Management
The Covered Services use industry-accepted encryption products to protect Customer Data and communications during transmissions between a customer’s network and the Covered Services, including through Transport Layer Encryption (TLS) leveraging at least 2048-bit RSA server certificates and 128-bit symmetric encryption keys at a minimum. Additionally, all data, including Customer Data, is transmitted between data centers for replication purposes across a dedicated, encrypted link utilizing AES-256 encryption.
Return of Customer Data
Deletion of Customer Data
For any questions or if you need additional information please contact us at [email protected]