Security

Overview

Data automation is everything we do at Ferrio, so we truly understand the need to keep the data we handle safe. All of your organisation's data is sensitive, not just your financial data or personally identifiable information covered under GDPR and similar legal frameworks, so the same rules are applied across the product.

Data Retention

Ferrio Connect is an integration platform, not a storage platform. We retain as little data as possible and delete data permanently and immediately when it is no longer needed.
We store workflow executions for up to 60 days to allow for easy debugging. This data includes responses from API requests. On expiry, all workflow data is permanently deleted.
Data is encrypted at rest and stored in ISO 27001 compliant data centres from major providers (currently Microsoft Azure). Your account settings allow you to configure which region your data is stored in.

Data In Transit

We use TLS 1.2 wherever possible; however, we can be limited by the capabilities of the APIs we communicate with. Some older products do not support TLS 1.2, and in these cases we must use the relevant security protocol. That protocol is used only for calls to the specific API.

Personally Identifiable Information

Personally identifiable information (PII) is any data that could potentially be used to identify a particular person, and is covered by various legal frameworks around the world including GDPR, the UK Data Protection Act (UKDPA), and CCPA. Some of the data we handle may constitute PII, such as contact data received from CRM systems or social networks.
PII is handled no differently to other data in Ferrio Connect; as little data as possible is stored for the shortest timeframe possible, all the data we store is visible to you, and all data is encrypted at rest.

Change & Vulnerability Management

Security is at the core of our development process and our culture encourages security as the first consideration before adding any new feature or connection to the product. OWASP Top Ten principles (https://owasp.org/www-project-top-ten/) are followed throughout the product design process. We conduct peer review of all new code with security as a primary consideration, from new platform-level features to bug fixes, as per industry-standard approaches.
We carry out automated security scanning of software before release to production to mitigate supply chain attacks.