Ireland and Stockholm (from 2024)
no
The database is backed up daily. Restore can be done with immediate effect.
Annually
We run on a managed service at Heroku, which holds the overall responsibility. Heroku writes the following about DDoS mitigation:
Our infrastructure provides DDoS mitigation techniques including TCP Syn cookies and connection rate limiting in addition to maintaining multiple backbone connections and internal bandwidth capacity that exceeds the Internet carrier supplied bandwidth. We work closely with our providers to quickly respond to events and enable advanced DDoS mitigation controls when needed.
In addition to the coarse layer of protection that our provider takes care of, we have ourselves implemented request throttling at the application level.
In connection with the upcoming migration to eu-north-1 (Stockholm), we are implementing an AWS WAF (Web Application Firewall). (December 2023)
Can we have SSO with Microsoft or similar so that we can easily manage security access, such as when an employee leaves?
Yes, it is an integral part of our solution.
Our DPA, which is always kept up to date, can be found at https://prowi.io/dpa/ and it will also be attached as an annex to the contract we enter into with you.
It will be deleted after 5 years — unless you actively delete data yourself.
Everything is saved on the platform (app.prowi.io), which is stored on AWS in Ireland. As of 2024 it will be moved to AWS eu-north-1, Stockholm. (December 2023)
We only store the data that will be used in calculating the basis for your bonus and commission statements. With regard to personal data under GDPR, this is stated in our DPA under section 2.2, but can be summarized as:
All data is, as is typical for a SaaS solution, kept in one database with row-level multi-tenancy. All entities carry a customer ID, and scoping by it is applied globally as part of the core of the application. In other words, customers cannot access each other's data.
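The following is an added illustration of row-level multi-tenancy with a globally applied customer-ID scope; it is not Prowi's code. The `statements` table, its columns and the `TenantScope` class are assumptions made for the example, run against an in-memory SQLite database with constructed rows.

```python
import sqlite3

# Constructed schema: table and column names are assumptions for this example.
SCHEMA = """CREATE TABLE statements (
    id INTEGER PRIMARY KEY, customer_id INTEGER NOT NULL,
    employee TEXT NOT NULL, bonus_cents INTEGER NOT NULL)"""

class TenantScope:
    """Data-access handle bound to one customer ID; callers never pass it per query."""

    def __init__(self, conn, customer_id):
        self._conn, self._customer_id = conn, customer_id

    def add_statement(self, employee, bonus_cents):
        # The tenant column is filled in here, never taken from caller input.
        cur = self._conn.execute(
            "INSERT INTO statements (customer_id, employee, bonus_cents) VALUES (?, ?, ?)",
            (self._customer_id, employee, bonus_cents))
        return cur.lastrowid

    def get_statement(self, statement_id):
        # A primary-key lookup still carries the tenant predicate, so an ID
        # that belongs to another customer resolves to None.
        return self._conn.execute(
            "SELECT id, employee, bonus_cents FROM statements WHERE id = ? AND customer_id = ?",
            (statement_id, self._customer_id)).fetchone()

    def list_statements(self):
        return self._conn.execute(
            "SELECT id, employee, bonus_cents FROM statements WHERE customer_id = ? ORDER BY id",
            (self._customer_id,)).fetchall()

    def update_bonus(self, statement_id, bonus_cents):
        cur = self._conn.execute(
            "UPDATE statements SET bonus_cents = ? WHERE id = ? AND customer_id = ?",
            (bonus_cents, statement_id, self._customer_id))
        return cur.rowcount  # 0 when the row belongs to another tenant

def demo():
    """Two constructed tenants share one table; cross-tenant reads and writes miss."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    a, b = TenantScope(conn, 1), TenantScope(conn, 2)
    a_id = a.add_statement("alice", 120000)
    b_id = b.add_statement("bob", 90000)
    return {"a_reads_own": a.get_statement(a_id),
            "a_reads_b": a.get_statement(b_id),
            "a_updates_b": a.update_bonus(b_id, 1),
            "b_list": b.list_statements()}
```

A regression test that asserts the cross-tenant read returns nothing and the cross-tenant update touches zero rows is a useful check to ask for in any row-level multi-tenant design.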
We only store the data that you submit and which is necessary to calculate your models. Customer name is often an identification marker used to understand and communicate the calculated and accrued bonus and commission.
Your data is encrypted “at rest” in the database. In addition, all traffic to and from Prowi is SSL-encrypted.
Your dedicated Prowi consultant and the management have that.
Yes, you will be informed. This is stated in point 10 of our DPA.
We would like to be allowed to use your logo as a reference on our website and would love to create a good customer story once you have been operating for a while and experienced the good effects. Beyond that, none of your data or knowledge about your company is used for marketing purposes or communicated externally. This is also stated in our standard Terms of Use.
Read our preparedness plan for an IT security breach at https://prowi.io/it-beredskabsplan/
Prowi CTO
Yes, we have. This is currently a simple setup, since Prowi at present consists only of a single monolith application, but backups are taken continuously, from which it can be quickly re-established.
Yes, all Prowi employees go through basic IT security exercises and GDPR training during their onboarding process.
Yes — we have a 99.5% uptime to date and this is our service level.