Hosting and Physical Security
Skyvia is hosted in a secure Microsoft Azure cloud, in west US data centers. Microsoft works hard to provide customers the best security and protection for their data, and security is built right into their Azure platform.
Microsoft Azure Cloud servers run in secure data centers, and access to them is restricted only to authorized personnel. Microsoft Azure Cloud implements the best security practices and complies with a wide set of national, regional, and industry-specific requirements and security standards - SOC 2, ISO 27001, and many others.
Compliance and Privacy
To keep your data secure and private, Skyvia stores users' private data encrypted using AES 256-bit encryption. Encryption keys are unique for every user, and our employees don't have access to them, and cannot decrypt users' data. Only the top level administrators have administrative access to Skyvia's virtual machines.
Skyvia complies with the European Union's Global Data Protection Regulation (GDPR).
Skyvia complies with HIPAA requirements for Protected Health Information (PHI), and we are ready to sign a Business Associate Agreement (BAA) with customers who are subject to HIPAA mandates.
Retention of User Data
Users' private data stored by Skyvia, is encrypted at rest using AES 256-bit encryption, which is one of the strongest ciphers available.
Skyvia stores the following users' data:
- Backups - User data backups, created by Skyvia Backup are stored in secure Azure GRS storage. Skyvia uses Microsoft Azure redundant storage mechanisms to ensure that the data are not lost even in case of hardware failures. Users' backup data cannot be accessed directly, and can be accessed only via Skyvia services. Whenever necessary, users can delete their backups when they don't need them anymore.
- Export results - When the user exports their data to a locally downloadable file, this file is stored on Skyvia servers for 7 days, so that the user could download it. The user can delete them earlier, if necessary.
- Integration logs - Skyvia stores per-record error logs when Data Integration fails to load some records, and these logs may contain some users' data. For certain integration kinds and certain data sources Skyvia also stores per-record logs of successfully loaded records. They are not stored forever, from time to time old logs are deleted, and you can delete old logs manually. See more information in our documentation.
- Connection parameters - To maintain automatic backup, integration, etc., Skyvia stores the necessary connection parameters for your data sources. Credentials are stored encrypted using AES 256-bit encryption.
- Connection metadata - Skyvia stores names and types of objects and fields in users' data sources in order to display them in its user interface. This is the only part of users' data, visible to our employees. They may access it in order to provide better assistance to the users in their specific use cases.
- Temporary cache - Occasionally, when running users' queries or integrations, Skyvia may cache some of the users' data. This cache is stored only while the operation is running, and is immediately deleted after it finishes.
If our user prefers to stop using Skyvia and delete their account and all the connected data, they can delete it in their Account settings.
Skyvia is using an Azure Virtual Network inside the Microsoft Azure platform. All the virtual machines, on which Skyvia is running, are protected by the firewall and routing rules, and only ports, required for Skyvia functioning, are open.
Skyvia can be accessed only via HTTPS. All the users data is encrypted in transit using TLS end-to-end encryption and strong encryption keys with length of at least 128 bits. All the interactions between our interface and APIs are also encrypted.
For all the data sources that support OAuth connections, Skyvia uses OAuth connections by default. This means that you don't need to provide your data source credentials to Skyvia, and they are not stored on our servers. You can revoke OAuth access to your data at any time. These OAuth tokens are stored encrypted on Skyvia.
For data sources that do not support OAuth, credentials are stored in an encrypted form on our server in the Microsoft Azure Cloud. Our employees don't have access to connection strings of our users - for both OAuth- and credentials-based connections.
Skyvia allows signing in either by creating an account with username and password or by using Single Sign-On (SSO) with Google or Salesforce. For username/password accounts, Skyvia uses strong hashing mechanism for passwords. Passwords are not stored on Skyvia servers, only secure hash is stored.
Skyvia is developed by Devart - a company with 20+ years experience on creating data connectivity solutions and database tools, having more than 40 000 customers , including companies from Fortune 500 and Fortune 100. It is developed using all the necessary secure coding practices and standards. Skyvia developers are experienced and trained for secure coding, and Skyvia's code includes measures for minimizing and mitigating security risks and breaches. Skyvia team regularly conducts automated security tests and checks for vulnerabilities.