Security

Our customers’ trust and data security are core to what we do at NotFoundBot.

Who we are

NotFoundBot is a platform and service operated and provided by SaaSync, LLC (“SaaSync”), a limited liability company organized under the laws of the State of Wyoming, United States.

Overview

NotFoundBot was built from the ground up with data security at the forefront of our architecture, so much so that NotFoundBot greatly limits the storage of personally identifying customer and visitor data on our servers. Our mission is to get you the metrics that you need and your site visitors to the destination that they desire while limiting the data storage needed to perform the service.

We understand the importance of safeguarding your data, so we have implemented controls and best practices to provide the highest standard of security for our users and customers. Below are some of those mechanisms.

Data storage

We securely store the following categories of data in our database:

  1. Customer Data: This encompasses the information comprising your user account, such as your login credentials, your website URL, etc.
  2. Customer Website Data: This includes publicly available data from your website, encompassing the content on your pages and the structure provided by your sitemap.
  3. Website Visitor Data: To enable our services, we collect and retain data related to visitor behavior on your website. This includes tracking events such as the occurrence of a visit to a 404 page, auto-redirection or assisted redirection, and eventual purchases. This data is aggregated and associated with a session identifier. In some cases, with explicit consent from you and, in some regions, from your visitor, we may link the session data to a one-way hash of the visitor’s email address. Please note that NotFoundBot does not retain any contact information about your visitors or customers that could be used for direct contact.

In addition to the above, we may also maintain the following logs:

  • Error Responses: We log error responses from integrated systems for a period of up to 60 days.
  • Audit Trail: An audit trail of actions performed is retained for up to 60 days.
  • Webhooks History: For systems that support webhooks, we store a history of received webhooks for up to 60 days.

Data privacy

Your data is your property and will never be sold to third parties.

  • GDPR compliant: NotFoundBot and all our third-party providers are compliant with the EU’s General Data Protection Regulation. Our Data Processing Addendum is available for your review.
  • Credit cards: NotFoundBot does not process or store any credit card details belonging to you or your customers. Your card details are never transmitted through or stored on our infrastructure. All credit card payments made to NotFoundBot go through a partner, either Shopify or Stripe depending upon where you initiate a payment profile. Details about their security setup and PCI compliance can be found at Shopify’s security page or Stripe’s security page.
  • Passwords: Your password is encrypted and never stored in our database in a readable/unencrypted format. You are responsible for choosing a strong password and keeping it secret. We enforce a password complexity standard, and credentials are stored using a password-based key derivation function (bcrypt).
  • Personal Data Deletion: If you are using the Shopify Platform and our Shopify App, we respect and support requests to delete your customers’ personal data. Instructions for doing so can be found here.

Product & Network security

  • Password and Credential Storage: NotFoundBot enforces a password complexity standard, and account credentials are stored using a password-based key derivation function (bcrypt). Integration API credentials are stored encrypted with the Advanced Encryption Standard (AES).
  • Uptime: We have uptime of 99.9% or higher. You can check our recent statistics at our Status Page.
  • Monitoring: We monitor application, software, and infrastructure behavior through industry-established services that are highly reliable and compliant.
  • Data hosting and storage: NotFoundBot services and data are hosted in Amazon Web Services (AWS) facilities in the USA.
  • Fault tolerance: NotFoundBot provides multiple failover instances to prevent outages due to single points of failure.
  • Encryption: Data sessions are always protected with TLS protocols and 2,048-bit keys. We also encrypt sensitive data at rest using the industry-standard AES-256 encryption algorithm.
  • Virtual Private Cloud: All of our servers are within our own virtual private cloud (VPC) with network access control lists (ACLs) that prevent unauthorized requests from reaching our internal network.
  • Incident policy: Incidents are handled through a defined and documented process. We run post-mortems and all employees are informed of our policies.

Data centers and network

Our data center provider, AWS, maintains ISO 27001, SOC 2, and GDPR compliance, along with numerous other certifications and standards.