The Celigo platform is built using best-of-breed technology frameworks and secure software development practices. Production and testing environments are completely segregated from each other, and customer data is never used in QA or developer testing.
Celigo has a designated Director of Security and Compliance to lead the Security Team and work with technical staff to support the implementation of the security requirements needed to operate at the levels of security and compliance that our management and our customers expect.
For more information:
- Celigo privacy policy, cookie policy, and GDPR compliance
- Transport Layer Security (TLS)
- The highly scalable and robust iPaaS (PDF)
- Security guidelines for integrator.io
- Keeping your data secure while integrating with Celigo
Contents
- Protocols
- Application authorizations and trusted connections
- Audit logs
- Regulatory compliance
- Voluntary compliance
- Data retention
- Data protection
Protocols
- Incoming connections: TLS 1.2
- HTTPS client traffic: TLS 1.2
- Endpoint/FTP connections: HTTP and HTTPS TLS 1.0 to TLS 1.3 (highest available automatically selected)
Application authorizations and trusted connections
Account owners and administrators completely control authorization per user and per application.
Audit logs
Keep track of activity on your account for up to a year. Monitor integration and flow changes over the course of the resource’s lifecycle.
Regulatory compliance
Celigo handles all data at the highest level required for regulatory and voluntary compliance requirements, ensuring cloud security at multiple levels:
EU and UK
- EU/UK GDPR-Ready
Contact Celigo for a Data Processing Agreement (DPA).
California
- CCPA-Ready
- CPRA – Pending
Other states
- Nevada Chapter 603-A – Covered by GDPR and CCPA-Ready status
- New York SHIELD ACT – Covered by GDPR and CCPA-Ready status
Voluntary compliance
- SOC-2 – Type 2 compliant
- HIPAA – HIPAA-ready, though not HIPAA-certified
- HITECH – Not HITECH standard-certified, though qualified to support HITECH standard-certified companies (as a Business Associate to either a Covered Entity or another Business Associate) under the certified HITECH service providers’ infrastructure
- Status – The Celigo Security Team has completed implementation for infrastructure encryption: restricted access to ePHI data, trained select staff, and provided secure laptops with full-disk encryption
- FERPA-ready
- FedRAMP – Not certified, since Celigo is not directly U.S. government-facing, but we can support companies that are FedRAMP certified as part of the certified FedRAMP service providers’ infrastructure
- Privacy Shield – Certified
Data retention
The data retention period lasts for 30 or more days, based on your Celigo license. You can delete records if you choose to or if your customers exercise their Right to Delete.
Data protection
Data is encrypted in motion and at rest, according to country-specific data protection and privacy guidelines:
- All data in motion inside AWS VPC – Encrypted with TLS 1.2 or better
- All data temporarily stored in AWS – Encrypted with AES-256
- Stored credentials – Encrypted with either AES-256 or PBKDF2
We support the highest level of HTTPS API TLS encryption available. For example, when NetSuite supports TLS 1.2, the Celigo connection is also encrypted with TLS 1.2. It is therefore the customer's responsibility to ensure that the endpoint supports at least TLS 1.2. Otherwise, that particular segment of the data flow may not be considered securely encrypted, or may not be encrypted at all in the case of an HTTP API. (Note that TLS 1.0 and 1.1 have been deprecated by the security community.)
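One way to check an endpoint against the TLS 1.2 floor described above before connecting it. This is an added example, not Celigo code; the function names are hypothetical, and it uses only the Python standard library.

```python
import socket
import ssl
import sys
from urllib.parse import urlsplit

# Ordering of the strings returned by SSLSocket.version(); TLS 1.2 is the floor
# this section names for a segment to count as securely encrypted.
ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
MINIMUM = "TLSv1.2"


def classify(url, negotiated):
    """Return (ok, reason) for an endpoint URL and the version it negotiated.

    negotiated is a string such as "TLSv1.3", or None when no handshake completed.
    """
    scheme = urlsplit(url).scheme.lower()
    if scheme == "http":
        return False, "plain HTTP: this segment is not encrypted at all"
    if scheme != "https":
        return False, f"scheme {scheme!r} is not covered by this check"
    if negotiated not in ORDER:
        return False, "no TLS handshake completed (old protocol only, bad certificate, or unreachable)"
    if ORDER.index(negotiated) < ORDER.index(MINIMUM):
        return False, f"negotiated {negotiated}, below {MINIMUM}"
    return True, f"negotiated {negotiated}"


def probe(url, timeout=5.0):
    """Handshake as a default client would and return the negotiated version."""
    parts = urlsplit(url)
    ctx = ssl.create_default_context()  # verifies the certificate and host name
    try:
        with socket.create_connection((parts.hostname, parts.port or 443), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=parts.hostname) as tls:
                return tls.version()
    except (OSError, ssl.SSLError):
        return None


def assess(url):
    """Probe https URLs over the network; classify everything else from the URL alone."""
    negotiated = probe(url) if urlsplit(url).scheme.lower() == "https" else None
    return classify(url, negotiated)


if __name__ == "__main__":
    for endpoint in sys.argv[1:]:
        ok, reason = assess(endpoint)
        print(f"{'OK  ' if ok else 'FAIL'} {endpoint}: {reason}")
```

Run it with one or more endpoint URLs as arguments. Recent Python builds refuse TLS 1.0 and 1.1 by default, so an endpoint limited to those versions is reported as a failed handshake.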
Encryption keys
Celigo has enabled SSE-S3 for all Amazon S3 buckets. Each file saved in S3 is encrypted using a unique key, which in turn is encrypted using a master key.
Endpoint API credentials are provided by Celigo customers, who are responsible for updating tokens and passwords according to their security policies.
API credential security
You provide your API credentials for your endpoint, then they are encrypted and stored in integrator.io for subsequent flow steps.
Professional Services customer credentials vaulting
Need help developing flows? You can provide your credentials to us securely so that we can build them for you.