We believe that everyone has the right to the privacy and security of their data and we take these rights very seriously. We have invested a great deal of time, effort and resources into ensuring that only authorized users can use our platform, that your information is secure and that your data is used only in proper ways. We achieve our goal of providing outstanding security and privacy controls via the following methods:
While we have already implemented state-of-the-art measures to ensure privacy and security, we will continuously update and improve those measures to keep up to date with the constantly evolving threat and regulatory landscapes.
We hope that you join us in our quest to be a security and privacy focused hosting solutions provider by familiarizing yourself with our policies and controls, by not sharing your account information with anyone and alerting us if you notice anything suspicious.
A study performed by the Ponemon Institute and IBM found that in 2018, roughly one quarter of all data breaches were caused by human error. We believe that it is up to companies to reduce this rate of human error by hiring smart, providing adequate training on privacy and security obligations, and by providing the right support whenever questions arise.
Prior to hiring, all employees are subject to a background screening to ensure the safety and privacy of your data.
Background checks can look at a potential employee’s:
A data center is a facility that houses our computer systems and equipment. Data centers are key to the security and privacy of data and thus we have chosen and proudly utilize some of the best infrastructure resources in the world. We chose Amazon Web Services (AWS) as our data center because it features the following controls:
You can find more details on the security measures implemented by AWS here: https://aws.amazon.com/compliance/data-center/controls/.
We have also chosen Google Compute Cloud as our provider because it features the following controls:
You can find more details on the security measures implemented by Google Compute Cloud here: https://cloud.google.com/security/infrastructure/.
Network security consists of the policies and practices that are used to prevent and monitor unauthorized access, misuse, modification, or denial of a computer network and network-accessible resources.
In order to ensure security at the point of demarcation of our network inwards, we only expose the bare minimum of services to the outside world, including but not limited to: port 80 and 443 on the load balancers.To understand how we ensure network security from our network outwards, please reference the following information from our network providers:
A Distributed Denial of Service (DDoS) is the intentional paralyzing of a computer network by flooding it with data sent simultaneously from many individual computers. We rely on our infrastructure providers’ network mitigation solutions as described here:
Each site on Convesio comes with many out of the box security settings preconfigured inside of the webserver and larger infrastructure to help thwart intrusions and alert us of any abnormalities. In addition, each site has advanced security features that are easily configured in your Convesio account for each site. Features include:
Unlike traditional hosting, each site on Convesio is encapsulated in its own micro architecture. The container only utilizes communication on a private subnet to access the filesystem, database, and any other services the container requires to operate – it is never exposed directly to the internet – it is exposed through the load balancer. This configuration ensures that your site and its data is secure and private.
Site running on Convesio can easily add a SSL certificate free of charge, provided by Let’sEncrypt, a leading SSL provider. Furthermore, we utilize SFTP to access your site’s filesystem on our platform – never connecting directly to your Docker container.
As part of our platform, we offer a backup system built directly into the control panel. You have the option to set the specific parameters of how and when you’d like your site to be backed up. As a best practice, you are also not denied the option of running a backup plugin in unison with our backup system – they will not interfere with each other. However, it is recommended that you upload your backups to a third-party storage service (Amazon S3, Google Cloud, Dropbox) and not stored directly inside WordPress on our platform as it will use account disk space resources.
We have an optional 2FA (Two-Factor Authentication) setting which can be configured by request. All account login requests are logged and any suspicious login activity will be sent to security staff for analysis. If you believe your account has been compromised, please reach out to our support team via live chat or support ticket so we may take action on your behalf.
We strive to be as transparent as possible with our security procedures. However, we do have some proprietary systems that we simply cannot expose to the general public. If you have questions or concerns, please do not hesitate to reach out to our team at [email protected]
We comply with the E.U. – U.S. Privacy Shield Framework and the Swiss – U.S. Privacy Shield Framework, established by the U.S. Department of Commerce. These Frameworks govern the collection, use, and retention of personal information transferred from the E.U. and Switzerland to the United States. We take the privacy of your data seriously and thus follow and comply with these Frameworks.