Last updated: 11/09/2024
01. Data Ownership
- Users retain ownership of their personal data.
- Ownership of most operational data is held by the user's tenant or tenants.
- Tenants are responsible for managing access and permissions within their own data environments.
- Allotrac may use aggregated & anonymised data for internal analytics and product development.
02. Data Storage
- Operational Data: Stored in an Atlas-hosted MongoDB cluster located in Australia. This data is backed up daily, with a 30-day retention period.
- Ephemeral Pub/Sub Data: Managed using an Enterprise Redis cluster in Australia. This data is transient and not retained long-term.
- Identity & Authentication Data: Managed through Auth0.
- Licensing & Billing Data: Handled through Stripe, ensuring secure storage and management.
- Embedded Finance Data: Managed via SpaceInvoices, hosted in Frankfurt, Germany.
- Static Files: Stored in a combination of AWS S3 and Google Cloud Buckets.
- User Analytics & Support Data: User analytics and support data is stored in:
- Zoho
- Twilio Segment
- June.so
- Google
- Amazon AWS
- Intercom
- Microsoft (Bing)
- Customer.io
- Webflow
- Facebook
- Reddit
- LinkedIn
- VWO
- Userflow
03. Data Access & Permissions
- User Data: Only accessible by other users if explicitly shared by the data owner.
- Tenant Data: Access is limited to users within the tenant and is governed by tenant-managed permissions. Tenants are responsible for configuring and maintaining these permissions.
- All data access is restricted by role-based access controls (RBAC) and enforced by the platform’s security policies.
04. Data Processing & Sharing
- Any data submitted to Allie, the AI feature, will be processed and passed to OpenAI for analysis and response generation.
- Operational data is processed within the platform for operational and analytical purposes in accordance with this policy.
05. Data Security
- We follow best practices to secure data, including encryption at rest and in transit, regular security audits, and access control mechanisms.
- All operational data and personally identifiable information (PII) are secured using industry-standard encryption protocols.
06. Data Retention & Backup
- Operational Data: Stored in an Atlas MongoDB cluster with failover. Backed up daily with a 30-day retention policy. Backup copies are securely stored and can be restored in the event of data loss.
- Ephemeral Data: Managed in Redis, which is designed for transient storage and is not backed up or retained beyond necessary operational windows (operational windows are defined as less than 24 hours).
07. Third-Party Services
- We rely on several third-party providers to handle specialized services such as billing, identity management, and embedded finance:
- Auth0 for identity and authentication.
- Stripe for licensing and billing data.
- Adyen for payment data
- SpaceInvoices for embedded finance data.
- OpenAI for data submitted to Allie for processing.
- AWS S3 / GCP Cloud Buckets for static file storage.
08. Data Sharing & Transfers
- Data is not shared with third parties except as necessary for the operation of the platform, as described above.
- Any data transfers to third-party services comply with applicable data protection laws and are subject to secure transfer protocols.
09. Data Integrity & Monitoring
- We use automated systems to monitor data integrity and ensure that data is consistent, accurate, and up-to-date.
- Any detected issues with data integrity are addressed promptly to minimize operational disruptions.
10. Data Access by Allotrac.io
- Access to data by Allotrac.io employees or contractors is strictly controlled and only permitted for troubleshooting, customer support, and platform maintenance, with audit logs maintained for accountability.