Updated 9th December 2018
At WPHercules we take the protection of customer data extremely seriously. With this Security Policy we describe the organizational and technical measures WPHercules implements to prevent unauthorized access, use, alteration or disclosure of customer data.
2.- Our team
Our team is highly skilled and aware of what they are working on. Security practices with our personnel are based on these principles:
- Subsidiaries, employees, and independent contractors are granted access to data only if they have been educated on the security risks and have enough competence to fully understand them.
- Access is granted only to the data or service that is essential to the task at hand.
3.- Built in security
All our services come with a standard HTTPS certificate to protect the network. Customer access is provided only over secure SSH/SFTP connections, and unprotected FTP use is completely blocked.
We use Secure Sockets Layer (SSL) software to encrypt the information you enter on our website in order to protect its security during transmission to and from our website. When storing information, we protect its security by encryption and pseudonymization of critical data. When we process credit card information and payments, the credit card is subject to tokenization and strong security measures.
We do not store any payment method information on our servers or websites.
We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personally identifiable customer information. Our security procedures require us in some cases to request proof of identity before disclosing personal information to you.
To protect against unauthorised access to your account and information, we implement session management, login expiration mechanisms and other security measures. As an additional safety measure, be sure to sign off when you finish using your account and your computer.
Although we take all these measures to maintain the safety and security of your personal information, please note that no transmission over the Internet can ever be guaranteed to be secure. Consequently, please note that we cannot fully guarantee the security of any personal information that you transfer over the Internet to us.
All of our services run in the cloud. WPHercules does not run our own routers, load balancers, DNS servers, or any physical servers. Services and data are located in several data centers depending on the hosting provider of your installation.
Please review the third party sub-processors document for more information or contact us for more detailed information about your account.
5.- Log Data
WPHercules itself does not collect personal information about our customers’ customers, and is therefore not the controller of that data. However, we store server access and error logs for a limited time (7 days). Every network connection is logged, and each entry includes information such as the IP address of the connection and the timestamp. The logs are used to analyse traffic volumes and, in many ways, to promote security.
We back up our data to ensure service availability and integrity.
The backups are stored on third party providers and separated from the original servers.
The backup data is encrypted and analysed for malware to ensure that the data is safe and secure.
We keep 20 days of backups of your websites. We will remove all backups 7 days after you finish your contract with us. At the end of this backup cycle, data in backups is completely deleted.
7 days after the end of the service, the customer site, including all its data, will be permanently deleted and cannot be recovered after the end of the backup retention time.
7.- Security Audits
The data controller is given access to all the information necessary to demonstrate compliance with the obligations laid down in, and audits and inspections will be allowed to the extent that is possible without infringing another customer's or the provider's data protection and business secrets. Audit and inspection charges may apply, proportional to the amount of work entailed in facilitating the inspection.
Since WPHercules services work with several hosting providers, we cannot provide any kind of audit of their data centers beyond our own access possibilities.
8.- Handling of security breaches
We are responsible for notifying you of all security breaches without unnecessary delay, and we will try to do it at the latest 72 hours after we become aware of the breach. The notification must include the following:
- A description of the security breach, including the details of which groups of data subjects and personal data registries the breach affected, and the approximate number of the aforementioned;
- Name and contact information for the liaison of our employee or team handling the investigation into the security breach;
- A description of the consequences and/or likely consequences;
- A description of the measures taken by us due to the security breach and in order to suppress the adverse effects.
If it’s not possible to provide all the aforementioned information simultaneously, the information can be supplied in batches.
You must inform us immediately in case of a suspected security breach. You are also required to assist in the investigation of the security breach and to provide all the necessary information to us. We have the right to end an investigation into a security breach if you are not responding to contact attempts or if the benefit of a continued investigation is clearly minor.