Skip to main content

Security and compliance

Kathyana Rule
  • Updated

The Celigo platform is built using best-of-breed technology frameworks and secure software development practices. Production and testing environments are completely segregated from each other, and customer data is never used in QA or developer testing.

Celigo has a designated Director of Security and Compliance to lead the Security Team and work with technical staff to support the implementation of the security requirements needed to operate at the levels of security and compliance that our management and our customers expect.

For more information:

Contents

Protocols

  • Incoming connections: TLS 1.2
  • HTTPS client traffic: TLS 1.2
  • Endpoint/FTP connections: HTTP and HTTPS TLS 1.0 to TLS 1.3 (highest available automatically selected)

Application authorizations and trusted connections

Account owners and administrators completely control authorization per user and per application.

Audit logs

Keep track of activity on your account for up to a year. Monitor integration and flow changes over the course of the resource’s lifecycle.

Regulatory compliance

Celigo handles all data at the highest level required for regulatory and voluntary compliance requirements, ensuring cloud security at multiple levels:

EU and UK

  • EU/UK GDPR-Ready

Contact Celigo for a Data Processing Agreement (DPA).

California

  • CCPA-Ready
  • CPRA – Pending

Other states

  • Nevada Chapter 603-A – Covered by GDPR and CCPA-Ready status
  • New York SHIELD ACT – Covered by GDPR and CCPA-Ready status

Voluntary compliance

  • SOC-2 – Type 2 compliant
  • HIPAA – HIPAA-ready, though not HIPAA-certified
    • HiTech – Not HiTech standard-certified, though qualified to support HiTech standard-certified companies (as a Business Associate to either a Covered Entity or another Business Associate) under the certified HiTech service providers’ infrastructure
    • Status – The Celigo Security Team has completed implementation for infrastructure encryption: restricted access to ePHI data, trained select staff, and provided secure laptops with full-disk encryption
  • FERPA-ready
  • FedRAMP – Not certified, since Celigo is not directly U.S. government-facing, but we can support companies that are FedRAMP certified as part of the certified FedRAMP service providers’ infrastructure
  • Privacy Shield – Certified

Data retention

The data retention period lasts for 30 or more days, based on your Celigo license. You can delete records if you choose to or if your customers exercise their Right to Delete.

Data protection

Data is encrypted in motion and at rest, according to country-specific data protection and privacy guidelines:

  • All data in motion inside AWS VPC – Encrypted at TLS 1.2 or better
  • All data temporarily stored in AWS – Encrypted at AES 256
  • Stored credentials – Encrypted at either AES 256 or pbkdf2

We support the highest level of HTTPS API TLS encryption available. For example, when NetSuite supports TLS 1.2, then the Celigo connection is also encrypted to TLS 1.2. Therefore, it is the customer's responsibility to ensure that the endpoint encryption is at least TLS 1.2. Otherwise, that particular segment of the data flow may not be considered securely encrypted – or encrypted at all in the case of an HTTP API. (Note that TLS 1.0 and 1.1 have been deprecated by the security community.)

Encryption keys

Celigo has enabled SSE-S3 for all Amazon S3 buckets. Each file saved in S3 is encrypted using a unique key, which in turn is encrypted using a master key.

Endpoint API credentials are provided by Celigo customers, who are responsible for updating tokens and passwords according to their security policies.

API credential security

You provide your API credentials for your endpoint, then they are encrypted and stored in integrator.io for subsequent flow steps.

Professional Services customer credentials vaulting

Need help developing flows? You can provide your credentials to us securely so that we can build it for you.

Related articles

Comments

0 comments

Please sign in to leave a comment.