A lot has been written in recent days about the Heartbleed SSL vulnerability discovered in the open source OpenSSL software used by many popular web services. Although we have no reason to believe that DataHero was compromised by this vulnerability, we nonetheless took immediate steps to secure our service against it and wanted to take this opportunity to reassure all of our users of our ongoing commitment to security and privacy.
Immediately following the announcement of the Heartbleed vulnerability, we updated all of our web servers to protect against this serious bug. As of 12:05 PM on April 8th, all of our servers had been patched. We also took the further step of creating entirely new, more secure SSL certificates to further protect our users. When you visit DataHero, you will now see a green security bar in your browser that assures you that you’re visiting a site that is operated and secured by Datahero, Inc.:
We at DataHero are committed to doing everything we can to ensure the security of your data. We utilize industry standard practices for securely transmitting and storing data, such as HTTPS and 128-bit encryption. We also employ security monitoring software from JumpCloud, a company that specializes in securing online services like DataHero.
At DataHero, we believe that the privacy of your data is just as important as its security. Your business data is of critical importance and sensitivity, and we’re committed to respecting the confidentiality of your content and being transparent about how your data is stored and accessed in DataHero.
First off, the content you upload to DataHero is, and always will be, yours. We will never claim ownership of the content you upload, nor will we share it with anyone else without your permission (unless required to by law).
Secondly, we know that your content is sensitive and we are committed to respecting your privacy and the privacy of your data. Our software only accesses your data in order to provide you with DataHero’s functionality. Moreover, our employees will never look at your content unless you explicitly grant us permission as part of a support request, or in the exceptionally rare case of needing to resolve a core issue with DataHero where data access is unavoidable (such a situation has never before occurred with DataHero).
Finally, we believe that you should have complete control over your content and be able to clearly and easily delete it entirely from our systems whenever you want to. When you delete a dataset or chart from DataHero, it is immediately deleted from all of our servers – we do not keep separate backups of deleted user content. Once the daily backups of DataHero expire, your deleted content is gone for good.
Our entire team is committed to the security and privacy of all of our users and their data. If you have any questions or feedback regarding DataHero’s response to the Heartbleed vulnerability, our security practices or our privacy policies, we’d like to hear from you.
Get the fastest, easiest way to understand your data today.Sign up for free