At Sketchboard, we have always taken information security very seriously. We always aim to give the highest priority to protecting our users’ data on Sketchboard. In order to maintain high security standards in the industry, we have a comprehensive approach that is embedded in our data protection measures as well as in our culture and our organizational and operational activities.
Sketchboard’s services are hosted in Google Cloud Platform (GCP) facilities in Belgium and Amazon Web Services (AWS) facilities in Ireland. Both of these data centers provide high levels of physical and virtual security to ensure that Sketchboard’s user data is safe.
The user data on Sketchboard is encrypted at rest and is completely deleted, for example when disks are changed. As we’re using GCP servers to host all user data, we utilize their built-in firewalls and encryption-at-rest services to secure your data against unauthorized access. For more information, check out the Encryption at Rest pages of Google Cloud Services. AWS is used for backups and to store uploaded images. Uploaded images are accessed through AWS’s built-in secure URLs and are only accessible by users who are authenticated on Sketchboard.
The user data is encrypted in transit. All user data is sent using TLS 1.2 at minimum, and we support only modern browsers to provide strong ciphers. The credit card information is stored in our payment processor’s servers and does not even hit Sketchboard servers.
When the user decides to delete their data, it is permanently deleted in 30 days. We also provide our users “the right to be forgotten”. When users delete their account, we delete all the data permanently.
At Sketchboard, security is an essential part of our culture and organizational practices. We do our best to ensure our team has the required level of awareness of security topics to create a strong defense mechanism against any potential security breaches.
In order to provide comprehensively secure service at Sketchboard, we implemented organizational measures starting from the onboarding of our employees and continuing throughout their journey at Sketchboard.
Every employee at Sketchboard agrees to our NDA when they start to work with us. We also ask them to make sure they understand our policies on how to handle customer data. During the onboarding process, we provide a must-have security awareness training that includes access management practices and what to do with customer data. There is also an annual security training for all employees.
All of Sketchboard’s employees must use 2FA and must have a secure internet connection to be able to operate. Additionally, every employee needs to use a password management application with highly secure encryption algorithms. Only tools approved by the management can be used for communication and storage of customer-related information. Sketchboard also has the highest level of data access management process for its employees. Access to any type of customer data can be given with the approval of the CEO.
Sketchboard data is located in AWS and GCP data centers in Europe. Customer data on Sketchboard is backed up daily. In order to ensure business continuity and disaster recovery, we use Ansible and Docker images to set up servers, which also serve as documentation for setting up the infrastructure. Customer backup data is stored off-site. Aligned with our data retention policy, the backups are deleted after 30 days.
Controlling access to user data is very important for us. Data access is given by the CEO with limitations that allow employees to execute only the required tasks. In terms of physical access, only the employees and trusted parties of our cloud service providers (GCP and AWS) have access to the facilities.
The General Data Protection Regulation (GDPR) is a privacy law at the European Union level which has been in effect since May 25th, 2018. The aim of the GDPR is to regulate how organizations and individuals can collect, use, transfer and remove personal data.
Sketchboard has taken all the required measures and implemented necessary processes to comply with the GDPR. You can find detailed information about our activities and approach regarding the GDPR on our GDPR Page.