Last updated: May, 2018
Skyvia is committed to security and focused on keeping your data and your credentials safe. We use industry-leading security practices when connecting to data sources and loading data from/to them.
Skyvia is hosted in a secure Microsoft Azure cloud, in west US data centers. Microsoft works hard to provide customers the best security and protection for their data, and security is built right into their Azure platform.
Microsoft Azure Cloud servers run in secure data centers, and access to them is restricted only to authorized personnel. Microsoft Azure Cloud implements the best security practices and complies with a wide set of national, regional, and industry-specific requirements and security standards - SOC 2, ISO 27001, and many others.
To keep your data secure and private, Skyvia stores users' private data encrypted using AES 256-bit encryption. Encryption keys are unique for every user, and our employees don't have access to them, and cannot decrypt users' data. Only the top level administrators have administrative access to Skyvia's virtual machines.
Skyvia complies with the European Union's Global Data Protection Regulation (GDPR).
Skyvia complies with HIPAA requirements for Protected Health Information (PHI), and we are ready to sign a Business Associate Agreement (BAA) with customers who are subject to HIPAA mandates.
Users' private data stored by Skyvia, is encrypted at rest using AES 256-bit encryption, which is one of the strongest ciphers available.
Skyvia stores the following users' data:
If our user prefers to stop using Skyvia and delete their account and all the connected data, they need to contact our support and ask us to delete their account. After a confirmation, we will delete the account and all the related data.
Skyvia is using an Azure Virtual Network inside the Microsoft Azure platform. All the virtual machines, on which Skyvia is running, are protected by the firewall and routing rules, and only ports, required for Skyvia functioning, are open.
Skyvia can be accessed only via HTTPS. All the users data is encrypted in transit using TLS end-to-end encryption and strong encryption keys with length of at least 128 bits. All the interactions between our interface and APIs are also encrypted.
For all the data sources that support OAuth connections, Skyvia uses OAuth connections by default. This means that you don't need to provide your data source credentials to Skyvia, and they are not stored on our servers. You can revoke OAuth access to your data at any time. These OAuth tokens are stored encrypted on Skyvia.
For data sources that do not support OAuth, credentials are stored in an encrypted form on our server in the Microsoft Azure Cloud. Our employees don't have access to connection strings of our users - for both OAuth- and credentials-based connections.
Skyvia allows signing in either by creating an account with username and password or by using Single Sign-On (SSO) with Google or Salesforce. For username/password accounts, Skyvia uses strong hashing mechanism for passwords. Passwords are not stored on Skyvia servers, only secure hash is stored.
Skyvia is developed by Devart - a company with 20+ years experience on creating data connectivity solutions and database tools, having more than 40 000 customers, including companies from Fortune 500 and Fortune 100. It is developed using all the necessary secure coding practices and standards. Skyvia developers are experienced and trained for secure coding, and Skyvia's code includes measures for minimizing and mitigating security risks and breaches. Skyvia team regularly conducts automated security tests and checks for vulnerabilities.