At Protolyst the privacy of your data is important. We never sell your data to 3rd parties, and the data you add into Protolyst is owned by you.
Every feature of our product is built with privacy and security in mind, and we follow industry best practices, utilising industry-standard cloud infrastructure with trusted partners.
Here is some more information about what we do at Protolyst to protect your data and privacy.
Data Rights and Management
All data is owned by Protolyst users, and is never sold on to 3rd parties. Users can request that their account and all associated data be deleted at any time. There are tools within Protolyst for users to delete data themselves. We will not view data unless given permission as part of a support case.
Data is Private by Default
All data submitted to Protolyst by a user is private to that Protolyst user and any other Protolyst users who are members of that workspace by default. Data can only be shared to another Protolyst user if done so by the account owner. In Team plans, workspace access for all users belonging to that team is controlled by the Organisation Administrators.
Protolyst data is hosted in Google Cloud Servers located in the EU.
Protolyst users can delete data using the tools within their Protolyst workspaces. They can also request for their account and all associated data to be entirely deleted. Requests need to be made in writing and sent from the email associated to a Protolyst account. Protolyst may also request the user provides information to validate the user’s identity in order for the deletion request to be processed.
Contact us to request data deletion
We do everything we can to prevent data breaches, but acknowledge that no environment can guarantee it is absolutely secure. In the event of a data breach, affected users will be informed within 72 hours of us becoming aware of the data breach.
Data in Protolyst is automatically backed up on our servers on a daily basis. Backup data is stored for no longer than 30 days.
Encrypted in Transit
Data submitted by a user is encrypted in transit from the browsers to servers using TLS encryption
Encryption at Rest
All user-submitted data is encrypted at rest using AES encryption.
SSL certificates are kept up to date and secure using IONOS’s Automated Certificate Management.
We follow best practices with user login information and use modern OAuth authentication.
Trusted 3rd Party Data Processors
We use trusted 3rd party data processors to store user submitted data. These data processors use a variety of measures to keep your data safe including, but not limited to: encryption in transit and at rest, firewalls with authentication requirements and TLS for secure communication.
Passwords are Hashed
Passwords are never stored in plain text and are hashed using scrypt.
Protolyst follows best practices to provide a secure way to reset passwords.
All payment and billing information is processed by our third-party payment processor, Stripe. For more information please see Stripe’s security pages.
Best Practices for Product and Software
Software engineering best practices
We regularly conduct Static Code Analysis and conduct software code reviews before releasing changes to Protolyst.
Unit and Integration Testing
Protolyst software code has a coverage of unit and integration tests.
Every change made to Protolyst goes through a rigorous manual quality assurance process before being deployed to the app.
Tracking and Resolving bugs and errors
We use third party monitoring and logging solutions to track and resolve bugs and errors.
Two Factor Authentication
All employees are required to use two factor authentication for critical accounts.
Need to know Basis
Information is granted to employees only on a need-to-know basis. Access is revoked when no longer necessary.
Risk is assessed every time there are new machines, substances and procedures, which could lead to new hazards.
Where we engage vendors, we ensure vendors are obligated only to use personal information for the purposes outlined in our data processing agreements.