
About This Article

This article clarifies commonly asked questions about how we secure.

What is your privacy policy?

You can read our full privacy policy here: http://www.snapengage.com/privacy

Does your solution perform validation of input and output to ensure that it is correct and appropriate to mitigate risks of cross-site scripting, SQL injection, buffer overflow, etc.?

Yes. In developing SnapEngage we applied security best practices. We filter sensitive fields for XSS injection, and we use parameterized queries instead of direct queries to avoid SQL injection.

Does the application require username and password authentication?

Yes, chat agents and dashboard administrators need to log in to chat or to view and make changes in the dashboard. Authentication is handled over a TLS-secured connection.

Storage of Application Credentials:
Are the passwords stored in an encrypted format?

Yes, SnapEngage passwords are not stored in the DataStore, nor do any SnapEngage employees, owners, or affiliates have access to any user’s password. When a user creates a password, a PBKDF2 salted hash is created and thereafter used to validate user credentials.

Where are SnapEngage services hosted?

SnapEngage is a cloud-based service, hosted in Google data centers on the Google AppEngine infrastructure.

What physical security controls are implemented to protect against unauthorized access to systems and data?

The physical location of data is in Google data centers. There are data servers both in the USA and the EU. SnapEngage leverages the state-of-the-art physical security of Google data centers.

What network security controls are implemented to protect against unauthorized access to systems and data?

SnapEngage is hosted on the Google network. The Google infrastructure is multi-tiered and does not allow any access to systems or data other than through the SnapEngage application.

Does your solution use SSL for the transmission of sensitive customer data?

Data is safeguarded by SSL/TLS during transport. The SnapEngage widget encrypts all communications between the visitor and its servers using SSL/TLS.

SSL Version Details: Which versions of TLS and SSL are permitted?

We use TLS 1.3 and TLS 1.2.

SSL v3, TLS 1.1, and TLS 1.0 are no longer permitted.

Do you have a process for periodic scanning, identifying and remediating security vulnerabilities on servers, workstations, network equipment and applications?

Yes. A third-party organization performs yearly automatic scanning of SnapEngage.

Do you implement network security solutions for network monitoring, internet filtering, and intrusion detection?  

Google, as our platform provider, handles all network security, monitoring, and response to threats.

Is there internal monitoring for compliance with Privacy Policies and procedures?

Yes, the policy is reviewed by different staff on a monthly basis to ensure the policy is known and understood, and that any compliance issues are escalated.

How can I increase privacy?

There are four ways to add extra security in the options tab of your Admin Dashboard under the Extra security section.

1. Require sign in to view support request
If enabled, the case can only be accessed after an admin logs in. If the option is not checked, then anybody with the link can see it.

2. Delete visitor data after it is successfully sent to destination
This feature removes all visitor information, IP, location, chat transcript, and email after the end of the chat (and after any data that was collected has been sent to any integrations).

3. Filter credit card numbers from transcripts
If enabled, the chat transcript will be searched for any credit card numbers entered within the chat, and each credit card number will be replaced with X’s.

What type of compliance does SnapEngage’s hosting environment meet?

Our hosting provider is SAS 70 Type II, SSAE 16 Type II, and ISAE 3402 Type II compliant. You can read more about this here.

What safe harbor provisions does SnapEngage meet?

SnapEngage complies with the EU-US Privacy Shield Framework and the U.S.-Swiss Safe Harbor framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal data from European Union member countries and Switzerland.


Published November 6, 2012
