Data Security and Privacy

At Protolyst the privacy of your data is important. We never sell your data to 3rd parties, and the data you add into Protolyst is owned by you.

Every feature of our product is built with privacy and security in mind, and we follow industry best practices, utilising industry-standard cloud infrastructure with trusted partners.

Here is some more information about what we do at Protolyst to protect your data and privacy.

Data Rights and Management

Data Ownership

All data is owned by Protolyst users, and is never sold on to 3rd parties. Users can request that their account and all associated data be deleted at any time. There are tools within Protolyst for users to delete data themselves. We will not view data unless given permission as part of a support case.

Data is Private by Default

By default, all data submitted to Protolyst by a user is private to that user and to any other Protolyst users who are members of that workspace. Data can only be shared with another Protolyst user by the account owner. In Team plans, workspace access for all users belonging to that team is controlled by the Organisation Administrators.

Data Hosting

Protolyst data is hosted on Google Cloud servers located in the EU.

Data Deletion

Protolyst users can delete data using the tools within their Protolyst workspaces. They can also request that their account and all associated data be entirely deleted. Requests need to be made in writing and sent from the email address associated with a Protolyst account. Protolyst may also ask the user to provide information to validate their identity before the deletion request is processed.

Contact us to request data deletion

Data Breach

We do everything we can to prevent data breaches, but acknowledge that no environment can guarantee it is absolutely secure. In the event of a data breach, affected users will be informed within 72 hours of us becoming aware of the data breach.

Data Backups

Data in Protolyst is automatically backed up on our servers on a daily basis. Backup data is stored for no longer than 30 days.

Security Features

Encrypted in Transit

Data submitted by a user is encrypted in transit from the browser to our servers using TLS encryption.

Encryption at Rest

All user-submitted data is encrypted at rest using AES encryption.

SSL Certificates

SSL certificates are kept up to date and secure using IONOS’s Automated Certificate Management.

OAuth Authentication

We follow best practices with user login information and use modern OAuth authentication.

Trusted 3rd Party Data Processors

We use trusted 3rd party data processors to store user-submitted data. These data processors use a variety of measures to keep your data safe, including, but not limited to: encryption in transit and at rest, firewalls with authentication requirements, and TLS for secure communication.

Passwords are Hashed

Passwords are never stored in plain text and are hashed using scrypt.

Password Reset

Protolyst follows best practices to provide a secure way to reset passwords.

Payment Security

All payment and billing information is processed by our third-party payment processor, Stripe. For more information please see Stripe’s security pages.

Best Practices for Product and Software

Software engineering best practices

We regularly conduct static code analysis and carry out code reviews before releasing changes to Protolyst.

Unit and Integration Testing 

Protolyst software code is covered by unit and integration tests.

Quality Assurance

Every change made to Protolyst goes through a rigorous manual quality assurance process before being deployed to the app.

Tracking and Resolving bugs and errors

We use third-party monitoring and logging solutions to track and resolve bugs and errors.

Two Factor Authentication

All employees are required to use two-factor authentication for critical accounts.

Need to know Basis

Access to information is granted to employees only on a need-to-know basis. Access is revoked when no longer necessary.

Risk Assessments

Risk is assessed every time there are new machines, substances and procedures that could lead to new hazards.

Compliance

GDPR

We are committed to GDPR compliance. Our Privacy Policy outlines how you can make data portability and erasure requests, request copies of your personal data, and withdraw your consent to the processing of your personal data by deleting your Protolyst account along with all your associated personal data.

Where we engage vendors, we ensure vendors are obligated only to use personal information for the purposes outlined in our data processing agreements.

You can send any questions here or find out more information in our Privacy Policy.