Data Retention Policy
Any data that is encrypted is encrypted using a minimum of AES 256 bit encryption. All data is access controlled and only available on a need to know basis.
Web Service Call Data
How web service data may be retained falls into two categories:
1. Billing and Client Reporting Purposes (mandatory)
2. Support Debug Purposes (optional)
Billing and Client Reporting Purposes
We collect the following data and store it for a period of 90 days at the individual transaction level.
- Account id of caller
- Time of call
- Service name
- IP address of caller
- Encryption protocol used
- Response time
- Input flags
- Result codes
We aggregate this data to hourly statistics and store the aggregated data in perpetuity for billing and client reporting purposes.
Support Debug Data
Support debug logging is turned on by default for the transaction data we store for 90 days. This allows us to view the content of an API call and the response that was sent back when contacted by a client in order to better investigate issues that the client is having with our service. To turn off support debug then call our endpoint with -nolog (see Endpoint
here). Please note that this prevents the servers, load balancers, etc. from logging optional information, so it won't exist in any log, ever - not even for a nano-second. We will only log the mandatory billing and client reporting codes. It is important to note that when a customer opts out of Support Debug then we will only have access to the information tracked for billing purposes. We will not know what information you sent inside your request, or what was in the response.
Physical Infrastructure
We run our solutions in multi-availability zones in Dublin, Ireland hosted by AWS. We have a failover facility in AWS Frankfurt, but we only failover to this facility if a catastrophic event occurs in AWS Dublin that affects multiple availability zones. No configuration is required by the client to handle switching to or from our failover facility. The Autoaddress API resolves to a couple of
static IP addresses and traffic will be routed to the correct location through those IPs automatically.