Information security and data protection

Get an understanding of Productsup's information security and data protection.

At Productsup, the confidentiality of customer data and the reliability of offered services are important. Productsup is committed to a comprehensive company-wide information security program and continues to participate in independent external security validations, such as being certified according to ISO/IEC 27001.

Authentication

With SAML 2.0-based single sign-on (SSO), we provide our customers with the ability to access our service through an identity provider (IDP) of their choice. Our platform has strict requirements for password complexity and uses two-factor authentication (2FA) to provide an extra layer of security.

Data Centers

Our servers are hosted at state-of-the-art data center parks that provide excellent and environmentally friendly infrastructure. These data centers meet strict safety requirements and hold certifications such as ISO/IEC 27001. Our cloud hosting provider is also certified for various security and privacy standards including ISO 27001, ISO 27017, ISO 27018, SOC1, SOC2, and SOC3 among others.

DDoS Protection

Our hosting provider's automated DDoS protection system recognizes almost all attack patterns in advance, allowing it to block attacks and effectively thwart the vast majority of them. It uses the latest hardware appliances and sophisticated perimeter security technologies, providing first-rate protection against large-scale DDoS attacks.

Incident Response

We have established policies and procedures for responding to potential security incidents. All security incidents are managed by our dedicated incident response team. In the event of an incident, affected customers will be informed and quickly updated by our support team while our teams fix the issue. In addition, the operational status of our platform components is always available for our customers at https://status.productsup.io/.

Privacy

Fulfilling our data privacy and security commitments is essential to us. We have therefore ensured that our processes, data processing agreements (DPAs), and other protections in place comply with GDPR requirements. Our compliance with GDPR requirements is regularly audited through our external DPO Nils Möllers (Keyed GmbH).

Reliability

To ensure the safety of our customers' data, we perform incremental backups every hour and full backups every day, storing them both on- and off-site. We test our data restoration procedure regularly, and, if needed, we are able to smoothly switch to another infrastructure region as core components are redundantly deployed across two geographically separated hosting locations.

Secure Development

At Productsup, security is managed throughout every stage of our software development lifecycle (SDLC). This involves the application of development procedures and secure coding principles, consideration of OWASP Top 10 vulnerabilities, and fully automated code reviews with strict quality gates, among others.

Vulnerability Scanning

Productsup uses advanced network and web application vulnerability scanners to identify existing vulnerabilities and potential security threats. Identified vulnerabilities are assessed by our development and infrastructure operations team and remediated subsequently. In addition, we regularly undergo external security assessments through independent third parties.

Encryption

Our service uses HTTPS with modern TLS (1.2) implementations only and strong ciphers to encrypt all data while in transit. For sensitive data at rest, column-level encryption is applied (AES256) and user credentials are salted and hashed.

Exporting data to third parties

A necessary aspect of feed management is sending product feeds to external channels such as Google, Facebook, Amazon, and hundreds more. The method of integration with these channels depends on the use case. Each external channel receives the data over a destination. This could be an FTP server or an API connection, for example. The encryption varies depending on the destination. You are advised to make yourself aware of the type of encryption of these destinations before using them.

Encryption types of the most popular Productsup destinations

Here is a brief list of some of the most popular Productsup destinations and the relevant encryption method and security information.

Table 1. Encryption destinations, encryption methods, and security information

| Destination | Encryption method | Security protocol |
|---|---|---|
| Productsup Server | TLS 1.2 | HTTPS |
| Productsup Platform API | TLS, SSLv3 | HTTPS |
| Google Merchant Center API | TLS, SSLv3 | HTTPS |
| Facebook Marketing API | TLS, SSLv3 | HTTPS |
| SFTP Server | Depending on the target host (AES, 3DES, etc.) | SSH |
| FTP Server | None | FTP |
| SAP Product Content Hub | TLS, SSLv3 | HTTPS |



Note

SAP Product Content Hub data is sent through the Productsup Platform API.