Security at Tray.io
Keeping our customers' data secure is the single most important thing we do here at tray.io. We go to significant lengths to ensure that all data sent to and through tray is handled securely - because keeping tray secure is fundamental to the nature of our business.
In this document we'd like to share some of the practices we follow to keep your data secure, and what we're doing to continually improve the security of your data.
This is a living document; we will update it from time to time.
If you have any questions at all, please feel free to get in touch with us at email@example.com.
Our team is made up of people who have years of experience working for large multinational companies in areas where security is paramount, such as big data, payments, gambling, advertising and defence technologies. Security is our foremost concern, and we make sure that even the least security-oriented engineering roles are tested thoroughly on their security knowledge.
Security best practices are ever evolving, so at tray we invest significant time and resources in ensuring we’re up to date with the latest best practices and approaches to security:
- We only store the data we need to: that which is required for accessing your account, connecting with your different third-party tools, and debugging workflows.
- All data sent to tray.io is encrypted in transit. Our workflow and application endpoints are TLS/SSL only and score an "A" rating on SSL Labs' tests - meaning that we only use strong cipher suites.
- We use technologies such as Scalyr and AWS VPC Flow Logs to provide an audit trail over our infrastructure and the tray.io application. Auditing allows us to do ad-hoc security analysis, track changes made to our setup and audit access to every layer of our stack.
- We have advanced alerting and monitoring systems for both security and uptime. Engineers are on call 24/7 in case any problems are detected.
- We use two-factor authentication on the third-party software accounts we use. We regularly review the permissions given to different third-party tools, and discourage the use of shared logins. Where shared logins are unavoidable, we use 1Password for Teams to share them securely.
- We have fully functional automation systems in place which enable us to deploy changes to any of our applications in minutes. We typically deploy dozens of times a week (sometimes even a day) - so we are well placed to roll out a security fix quickly, should the need arise.
- We implement data encryption at rest for sensitive data points including user passwords, API keys, and access tokens.
- We remove sensitive data such as API keys and access tokens from workflow run log data stored.
- We have documented incident response plans to handle any issues that might arise.
All our production systems and databases run on Amazon Web Services (AWS) facilities hosted in the USA. For full information on the extensive measures Amazon takes to keep its facilities secure, visit the AWS security page.
Tray does not store payment information on our servers - we’re not in the business of payments processing. All online payments are processed through our payments provider, Stripe. For more information about PCI compliance and Stripe’s other security features, see Stripe’s security page.
We make sure that we only store the data required for running workflows, only for as long as it's needed, and, where possible, all data that we do store can be deleted on request. All data is encrypted when being transferred across both internal and external networks.
The following is a list of the types of data we store and how long we store it.
- Personal Account Information: Any personal details, such as your name and email address, that you provide when creating a Tray account will be stored for as long as your account is active. At any time you can request that your account be deleted, and this data will be deleted from our systems.
- Personally Identifiable Information (PII): We use a number of different tools to help us track usage of the product, such as raw server logs and analytics tools (Google Analytics, etc.). These tools may receive personally identifiable information such as your computer's IP address and, in some cases, your name and/or email address. Raw server logs are not stored for more than 30 days and, from the 25th May 2018, as part of our compliance with the upcoming EU General Data Protection Regulation (GDPR), you can request that any PII we store be removed from our systems and from any sub-processors we employ.
- Workflow Execution Data: When you run a workflow or template on the Tray platform, we need to store various stateful data as part of the execution process and for post-execution logging. We store detailed execution data and log information for all workflows only for as long as it is needed. Raw execution data is removed from our systems within a few days of a workflow execution finishing, and detailed workflow log data is stored for a maximum of 30 days.
- Authentication Data: To allow workflows to process data between different third-party services on your behalf, we will often require you to provide authentication to these third-party services in the form of usernames, passwords and access tokens (including tokens obtained from an OAuth authentication flow). This sensitive authentication data is encrypted at rest in our databases using strong 256-bit encryption, and will be removed if you delete the authentication in question or your Tray account. All sensitive authentication data is obfuscated when passed through workflow execution state and logs.
- Workflow Data Storage: The data storage connector allows end users to store data within a workflow execution at three different scoping levels: Account, Workflow and Execution. Any data stored using the Execution scope will be removed shortly after a workflow execution has finished. Any data stored in the Workflow scope will be persisted until you delete that workflow or your account. Any data stored in the Account scope will be persisted until you delete your account. Please Note: Tray.io Inc. is not responsible for how the data storage connector is used, nor do we have the ability to remove individual items of data on request. As part of compliance with the EU GDPR we will be providing the ability for end users to search, browse and remove specific data stored in the Account and Workflow scopes.
- Account Passwords: We use strong bcrypt hashing and salts when storing your account passwords. These passwords are deleted if you delete your account.
- Backups: We store regular daily backups of all important information. These backups are stored for a maximum of 7 days before they are removed.
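The list above states that API keys and access tokens are removed from stored run logs and that authentication data is obfuscated in workflow execution state. The following is an added illustration of how such scrubbing can work, not Tray.io's own code: the key names, the two-pass approach (collect secret values under sensitive keys, then mask them wherever they appear, including inside URLs and log lines) and the sample execution state are all assumptions.

```python
import re

REDACTED = "[REDACTED]"
# Keys (lower-cased, non-alphanumerics stripped) whose values are treated as secrets.
SENSITIVE_KEYS = {"password", "secret", "apikey", "accesstoken", "refreshtoken", "authorization"}

def _is_sensitive_key(key):
    norm = re.sub(r"[^a-z0-9]", "", str(key).lower())
    return norm in SENSITIVE_KEYS or norm.endswith(("token", "secret", "password"))
def collect_secrets(obj, found=None):
    # Pass 1: gather string values under sensitive keys (8+ chars, so masking cannot mangle short words).
    found = set() if found is None else found
    if isinstance(obj, dict):
        for k, v in obj.items():
            if _is_sensitive_key(k) and isinstance(v, str) and len(v) >= 8:
                found.add(v)
            else:
                collect_secrets(v, found)
    elif isinstance(obj, list):
        for v in obj:
            collect_secrets(v, found)
    return found
def redact_text(text, secrets):
    # Mask known secrets longest first, so "Bearer <token>" is masked before "<token>".
    for s in sorted(secrets, key=len, reverse=True):
        text = text.replace(s, REDACTED)
    return text
def redact_state(obj, secrets):
    # Pass 2: build a masked copy of the state; the caller's object is left untouched.
    if isinstance(obj, dict):
        return {k: REDACTED if _is_sensitive_key(k) else redact_state(v, secrets)
                for k, v in obj.items()}
    if isinstance(obj, list):
        return [redact_state(v, secrets) for v in obj]
    return redact_text(obj, secrets) if isinstance(obj, str) else obj
def scrub_execution(state, log_lines):
    # Scrub one execution's state and its log lines together before they are persisted.
    secrets = collect_secrets(state)
    return redact_state(state, secrets), [redact_text(line, secrets) for line in log_lines]

# Constructed sample execution state and log lines (not real Tray.io data).
SAMPLE_STATE = {"workflow_id": "wf-0001",
                "auth": {"type": "oauth2", "access_token": "tok_9f8e7d6c5b4a3210", "scope": "read"},
                "steps": [{"name": "http-call", "request": {
                    "url": "https://api.example.com/v1/items?access_token=tok_9f8e7d6c5b4a3210",
                    "headers": {"Authorization": "Bearer tok_9f8e7d6c5b4a3210"}}}]}
SAMPLE_LOGS = ["step http-call -> GET https://api.example.com/v1/items?access_token=tok_9f8e7d6c5b4a3210",
               "step http-call <- 200 (3 items)"]
SCRUBBED_STATE, SCRUBBED_LOGS = scrub_execution(SAMPLE_STATE, SAMPLE_LOGS)
```

The value-based second pass is what catches a token that a step copied into a query string or an error message, which key-based masking alone would miss.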