Streamtime underwent an internal review of all existing policies and documentation prior to the enforcement of the GDPR on the 25th May 2018. Any required policy updates were applied and new documentation created to ensure we fulfilled all requirements.
💡Head here to access Streamtime Security Page and FAQ's. If you still have questions, reach out to help@streamtime.net.
The opening summary of our internal data policy documentation
Policy brief & purpose
Our cyber security policy serves as a guideline for all our staff to ensure the security and integrity of our data and network infrastructure to protect against human errors and combat external attacks that could cause financial damage or jeopardise our customers' data.
Product Security
Permissions
We enable permission levels within the app to be set for your teammates.
Permissions restrict access to various areas of Streamtime and also allow for view/read/write access to be applied to specific areas - eg user cost rates.
Two Factor Authentication
2FA can be enabled on your account should you require it, but is mandatory for when integrating with an accounting platform due to security regulations in different countries.
Network and application security
Data Hosting and Storage
Streamtime services and data are hosted in Amazon Web Services (AWS) facilities in Oregon, USA.
Disaster Recovery
Streamtime was built with disaster recovery in mind. Our AWS servers are templated and able to be recreated quickly. Point in time backups down to the second are maintained to allow restoration of the AWS RDS which stores all client data.
Backups and Monitoring
Periodic AWS backups are maintained that can be restored on demand. Audit logs are kept for all in-app activity. All actions taken on production consoles or in the Streamtime application are logged.
We use FullStory to monitor real time product usage.
Exceptions are logged with notifications sent to Slack channels that are monitored by multiple staff members.
Encryption
Streamtime uses industry standard encryption algorithms to encrypt data on our servers, and data is also encrypted in transit by our SSL certificates.
Penetration Tests, Vulnerability Scanning
Streamtime engages a third-party security expert annually to perform detailed penetration tests on the Streamtime application and infrastructure.
We do not store payment details
Streamtime is not in the business of storing or processing payments. All payments made to Streamtime are handled by Stripe who's security compliance can be found here security page.