AllSides Connect and all related web applications are hosted on Heroku, a Salesforce company. Heroku regularly performs audits and maintains a number of certifications. The detailed list of audits and certifications is maintained in the Security, Privacy and Architecture (“SPARC”) document for Heroku, which is part of the Heroku Enterprise Master Subscription Agreement.
Below are the relevant certifications related to AllSides Connect:
ISO 27001, 27017, and 27018 Certification
Salesforce has been certified against this set of widely recognized and internationally accepted information security standards, which specifies security management best practices and comprehensive security controls following ISO 27002. These certifications also cover information security specific to the cloud and the protection of Personally Identifiable Information (PII).
SOC 1, 2, and 3 Attestation Reports
Salesforce has been issued SOC 1, 2, and 3 reports by an independent auditor. The SOC 1 Type II report is an independent examination of the IT general controls and the controls around availability, confidentiality and security of customer data processed by the Heroku Platform that are relevant to customers' financial reporting. The SOC 2 Type 2 report is a restricted-use report and an independent examination of the fairness of presentation and the suitability of the design of controls relevant to security, availability and confidentiality of the customer data processed by the Heroku Platform. The general-use SOC 3 report is an independent examination of the fairness of presentation and the suitability of the design of controls relevant to security, availability and confidentiality of the customer data processed by the Heroku Platform.
Data connected by AllSides Connect is stored in a PostgreSQL database through Heroku and cached in a Firestore datastore using Firebase, a Google company.
Heroku PostgreSQL Data Residency
When a database gets provisioned, the data associated with that database is stored within the region in which it’s created. However, a number of services that are ancillary to Heroku Postgres as well as the systems that manage the fleet of databases may not be located within the same region as the provisioned databases. Here are some:
- Postgres Continuous Protection for disaster recovery stores the base backup and write-ahead logs in the same region that the database is located.
- Application logs are routed to Logplex, which is hosted in the US. In addition to logs from your application, this includes system logs and Heroku Postgres logs from any database attached to your application.
- PG Backup snapshots are stored in the US.
- Dataclips are stored in the US.
Firestore Datastore Encryption
Firebase uses Google Cloud's strong security features, including encryption in transit with HTTPS, and encryption at rest for many services, including Cloud Firestore.
For more information, please visit https://allsidesconnect.zendesk.com/hc/en-us/articles/360034176192-Privacy-Policy