Candu is deployed over AWS, and high throughput data processing code is hosted using AWS Lambda to ensure the highest availability and scalability levels.
Candu uses CDNs hosted by S3 and Cloudflare to publish content to the frontend. CDNs allow us to maximize upload speeds so that Candu content loads along with the other components in your application.
The Candu SDK is installed within your application to provide dynamic segmentation and user analytics and to render the UI. Our SDK is engineered to handle multiple failure points. You can read more about the SDK API here.
Data encryption
We use industry-standard end-to-end encryption methods. All customer data is encrypted in transit and is only accessible via TLS/SSL and at rest with AES256.
Role-based
access controls
Set permissions and access controls for your Candu users based on specific roles and privileges within your organization.
Data security
Candu limits data access using a least privilege principle, encrypts all passwords & tokens and uses best-in-class vendors for cloud and application security.
Incident response
Candu maintains strict protocols for handling security events including escalation procedures, rapid response & mitigation and post mortem.
Data Segregation & PII
Customer data is logically separated from each other and personally identifiable information is not required to use Candu.
Uptime & reliability
Candu is committed to maintaining a 99.9% SLA to ensure all customers have uninterrupted uptime.
Privacy
We take your privacy seriously!
For details on how we protect your personal information, view our Privacy Statement.
Staged SDK releases
Candu only release updates to our CDN SDK after thorough testing in staging environments and stagger releases to our customer base.
With data protection and privacy built into everything we do, Candu is fully GDPR-compliant. We meet stringent international security standards, and we undertake comprehensive audits of our policies, networks, and systems to keep your information secure.
Our Terms of Use, Privacy Policy, and Processing Addendum (DPA) are up to date and reflect our GDPR readiness.
Candu does not require any personally identifiable information (PII) to be passed to the service, nor do we actively collect any PII from our customers.
In accordance with GDPR practices, Candu will delete all of your customer data and will provide an export of customer data in JSON format within 30 days of receiving a written request.
Candu is SOC 2® compliant and received certification in August 2022.
Every aspect of the Candu application is encrypted. Our servers enforce HTTPS protocol by using TSL 1.2. Internally, our servers communicate exclusively using HTTPS.
Our data is stored entirely on Amazon Web Services (AWS) using the Advanced Encryption Standard (AES). Any server-side secret is stored and accessed via AWS Key Management Service. We rotate sensitive keys and expire critical keys.
All backups are encrypted and stored using AES-256 in secure cloud locations within the EU.
No. Candu does not require any personally identifiable information (PII) to be passed to the service, nor do we actively collect any PII from our customers.
Candu also gives you fine control of all the analytics that you send to our servers. You can use your eventing libraries to customize exactly which information we receive, so you can be confident we are only tracking information that you want to share.
Identify verification can be enabled to ensure data integrity for any information you do choose to send to Candu.
All components (e.g., Content, Segments) in the SDK are wrapped with error boundaries to prevent JavaScript-related errors from propagating outside the Candu SDK and impacting our clients. If the error boundaries receive any errors, those are logged in the Candu tracking system.
If Candu encounters a JavaScript error in customer code, or if an error happens anywhere in the Candu SDK, those errors are logged in the Candu tracking system for immediate review. If for any reason there is an undetected error, Candu automatically drops rendering and will not display any content in order to protect page performance.
At Candu, we take our SLA and partner operations extremely seriously. We strive to maintain a 99.9% SLA in all of our APIs and frontend assets.
SLA monitoring is done through third-party integration monitoring. We currently ping 10+ APIs for uptime, as well as other critical aspects of our infrastructure that we use to provide these services.
All the tests are performed from seven different locations around the world (Canada Central, Ohio, Oregon, Sydney, Tokyo, Frankfurt, London) to ensure we maintain availability within and throughout different regions.
All critical integration tests are performed each minute.
If any alerts were to fail, our team would be notified immediately, as outlined in our escalation policy.
Improving page performance is critical to any product, and we measure ourselves by the same standard as internal libraries used by any development team. The Candu SDK is designed to minimize the performance impact of installing it on any page, and we are continually working to increase its performance.
Yes Candu engages third-party security experts on an annual basis to perform a detailed penetration test on the Candu application and infrastructure.
Candu maintains a robust ISP that is trained out to all new personnel during onboarding and all current employees attend an annual training session.
All data hosted by Candu is encrypted and stored within AWS.
We allow customers to control their own updates to allow for internal testing protocols to be carried out. We can discuss this with you during installation.
More questions? Contact our Security team.
Contact Now