We care about your data privacy
We don't store any data used to generate the document or the generated document itself. We only store the template structure and any static text which is added to the template. The log files never contain the data you send via API.
All API connections are established through secure and encrypted SSL channels. Our SSL Certificates use strong signature algorithm SHA256withRSA and we support only TLS 1.2 connection. Qualys SSL Labs rates our infrastructure setup with grade A.
We use JSON Web Tokens (JWT) to offer a method to establish secure server-to-server authentication by transferring a compact JSON object with a signed payload of your account’s API Key and Secret. The JWT should be generated uniquely by a server-side application and included as a Bearer Token in the header of each request.
Our database instances use encryption. Data that is encrypted at rest includes the underlying storage for DB instances, its automated backups, read replicas, and snapshots.
We are committed to GDPR compliance across our services. Our infrastructure provider Amazon Web Services complies with European Union’s General Data Protection Regulations and is part of EU-US Privacy Shield. We also provide custom deployments in European regions provided by Amazon Web Services.
We use declarative continuous delivery and infrastructure as code to quickly manage data centres to take action in disaster situations. The application is deployed at least in two different AWS Availability Zones, and AWS RDS Multi-Zone deployment ensures automatic failover whenever a database service has issues in one AWS Availability Zone. Every database has a daily backup.