Policies

Overview

Shark Software is a self-contained platform for building end-to-end ROI business cases. The software is based on a smart web app architecture and is consumable across a multitude of platforms, from traditional screen and keyboard to touch-based tablet and phone devices. The front end of the software is written in JavaScript, using the React framework for the view layer and Redux for the data state management (see https://reactjs.org/ and https://redux.js.org/).

Authentication and Identity Management

Authentication of users is implemented using the Auth0 platform, which supports native authentication, multi-factor authentication, SAML 2.0, AD (LD or LDAP) and social connectors (see https://auth0.com/). Auth0 uses AWS for its cloud data storage, based on a multi-region, fault-resilient cluster. For more information on Auth0's data storage strategy, please see the following links:

https://auth0.com/blog/how-we-store-data-in-the-cloud-at-auth0/

and

https://auth0.com/blog/auth0-architecture-running-in-multiple-cloud-providers-and-regions/

Data Storage, Hosting and Logging

Data is stored in the Google Firebase Firestore NoSQL database. All data is encrypted before it is written to disk using the 256-bit encryption standard, and each encryption key is itself encrypted with a regularly rotated set of master keys. The data is hosted in Google's US Eastern data centre (us-east1, Moncks Corner, South Carolina, USA) on solid state hard drives.

We also use an AWS RDS MySQL instance for storing some user credentials (first name, last name and email address only). Please see below for information regarding AWS compliance and security.

Other areas of data storage include the hosted Auth0 platform for native user credentials and authentication (this is only relevant if the customer is using our native authentication and not their own corporate systems, e.g. Active Directory). We also store error logging and session data using a system called LogRocket, which stores its data on Google Cloud Platform. For further information on the way in which LogRocket stores its data, please see the following link:

https://docs.logrocket.com/docs/security

References:

For more information on any of the technologies or platforms mentioned above, please see the following links:

JavaScript

https://developer.mozilla.org/bm/docs/Web/JavaScript

CSS

https://developer.mozilla.org/bm/docs/Web/CSS

HTML

https://developer.mozilla.org/bm/docs/Web/HTML

React

https://reactjs.org/

Redux

https://redux.js.org/

Auth0

https://auth0.com/

SAML 2.0

https://en.wikipedia.org/wiki/SAML_2.0

Multi Factor Authentication

https://en.wikipedia.org/wiki/Multi-factor_authentication

Firebase

https://firebase.google.com/

Firestore

https://firebase.google.com/products/firestore/

Firebase Security and Privacy

https://firebase.google.com/support/privacy/

Advanced Encryption Standard

https://en.wikipedia.org/wiki/Advanced_Encryption_Standard

Google cloud locations

https://cloud.google.com/docs/geography-and-regions

LogRocket

https://logrocket.com/

This document is subject to change.

Security and Compliance

We partner with a number of technology vendors to help us deliver our product and services to you.

AWS

We use an AWS RDS MySQL instance for storing some user credentials (first name, last name and email address only). The AWS Security, Privacy and Compliance website can be found here:

https://aws.amazon.com/compliance/

Firebase

Data is stored in the Google Firebase Firestore NoSQL database. All data is encrypted before it is written to disk using the 256-bit encryption standard, and each encryption key is itself encrypted with a regularly rotated set of master keys. The data is hosted in Google's US Eastern data centre (us-east1, Moncks Corner, South Carolina, USA) on solid state hard drives. The Firebase Security and Privacy centre can be found here:

https://firebase.google.com/support/privacy/

Auth0

Authentication of users is implemented using the Auth0 platform, which supports native authentication, multi-factor authentication, SAML 2.0, AD (LD or LDAP) and social connectors. The Auth0 Compliance, Security and Privacy sites can be found here:

https://auth0.com/security/

LogRocket

Anonymous logging and session data is stored using a system called LogRocket, which uses Google Cloud Platform. The Security and Compliance website for LogRocket can be found here:

https://docs.logrocket.com/docs/security