Security, Frequently Asked Questions


(Last Updated On: March 2, 2018)

What is your privacy policy?

You can read our full privacy policy here: http://www.snapengage.com/privacy

Does your solution perform validation of input and output to ensure that it is correct and appropriate to mitigate risks of cross-site scripting, SQL injection, buffer overflow, etc.?

Yes. In developing SnapEngage we applied security best practices. We filter sensitive fields for XSS injection, and we use parameterized queries rather than direct queries to avoid SQL injection.

Does the application require username and password authentication?

Yes, chat agents and dashboard administrators need to log in to chat or to view and make changes in the dashboard. Authentication is handled over an SSL-secured connection.

Storage of Application Credentials:
Are the passwords stored in an encrypted format?

Yes, SnapEngage passwords are not stored in the DataStore, nor do any SnapEngage employees, owners, or affiliates have access to any user’s password. When a user creates a password, a PBKDF2 salted hash is created and thereafter used to validate the user's credentials.

Where are SnapEngage services hosted?

SnapEngage is a cloud-based service, hosted in Google data centers on the Google AppEngine infrastructure.

What physical security controls are implemented to protect against unauthorized access to systems and data?

The physical location of data is in Google data centers. There are data servers both in the USA and the EU. SnapEngage leverages the state-of-the-art physical security of Google data centers.

What network security controls are implemented to protect against unauthorized access to systems and data?

SnapEngage is hosted on the Google network. Google's infrastructure is multi-tiered and does not allow any access to systems or data other than through the SnapEngage application.

Does your solution use SSL for the transmission of sensitive customer data?

Yes, when installed on an SSL-encrypted website, the SnapEngage widget encrypts all communications between the visitor and its servers using SSL. A customer can enforce SSL encryption on non-HTTPS pages by following these instructions. Additionally, all communication between the web client and the servers is SSL encrypted.

SSL Version Details: Which versions of TLS and SSL are permitted?

TLS 1.2, TLS 1.1, TLS 1.0. SSL v3 is no longer permitted.

Do you have a process for periodic scanning, identifying and remediating security vulnerabilities on servers, workstations, network equipment and applications?

Yes. A third-party organization performs yearly automatic scanning of SnapEngage.

Do you implement network security solutions for network monitoring, internet filtering, and intrusion detection?

Google, as our platform provider, is handling all the network security, monitoring, and response to threats.

Is there internal monitoring for compliance with Privacy Policies and procedures?

Yes, the policy is reviewed by different staff on a monthly basis to ensure the policy is known and understood, and that any compliance issues are escalated.

How can I increase privacy?

There are four ways to add extra security in the options tab of your Admin Dashboard under the Extra security section.

1. Enforce encryption (SSL) to view support request
If this option is selected, you can view cases in logs by using https (rather than http).

2. Require sign in to view support request
If enabled, the case can only be accessed after an admin logs in. If the option is not checked, then anybody with the link can see it.

3. Delete visitor data after it is successfully sent to destination
This feature removes all visitor information (IP, location, chat transcript, email) after the end of the chat (and after any data that was collected was sent to any integrations).

4. Filter credit card numbers from transcripts
If enabled, the chat transcript will be searched for any credit card numbers entered within the chat, and the credit card number will be replaced with X’s.
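
To illustrate the kind of filtering option 4 describes, here is an added example that is not SnapEngage's code. It assumes card numbers are 13 to 19 digits, optionally separated by spaces or hyphens, and uses a Luhn checksum (an assumption, not stated on this page) so that order numbers and similar digit runs are left alone; the function names are hypothetical.

```python
import re

# Assumption: a candidate is 13-19 digits with optional single space/hyphen
# separators. The page does not say how SnapEngage detects card numbers.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_card_numbers(transcript: str) -> str:
    """Replace the digits of Luhn-valid card-like numbers with X,
    keeping separators so the transcript layout is unchanged."""
    def _mask(match: re.Match) -> str:
        text = match.group(0)
        digits = re.sub(r"\D", "", text)
        if not luhn_valid(digits):
            return text          # e.g. an order or tracking number
        return re.sub(r"\d", "X", text)

    return CANDIDATE.sub(_mask, transcript)


# Constructed sample transcript; 4111 1111 1111 1111 is a well-known test number.
SAMPLE = (
    "visitor: my card is 4111 1111 1111 1111, exp 12/29\n"
    "visitor: the order number was 1234567890123456\n"
    "agent: thanks, please call 555-010-1234 if it fails\n"
)

if __name__ == "__main__":
    print(mask_card_numbers(SAMPLE))
```

The checksum only reduces false positives; a number typed with other separators or split across several messages would not be caught by this pattern.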

What type of compliance does SnapEngage’s hosting environment meet?

Our hosting provider is SAS 70 Type II, SSAE 16 Type II, and ISAE 3402 Type II compliant. You can read more about this here.

What safe harbor provisions does SnapEngage meet?

SnapEngage complies with the EU-US Privacy Shield Framework and the U.S.-Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland.


Published November 6, 2012

