Last Updated: 15/10/2024
Rest Assured! Your data is super secure with us.
What do we store?
We store operational data in NoSQL Database & files in Amazon s3 buckets
NoSQL Database
We collect the following data from the machine that has Activity Logger installed (and started). We store this data in NoSQL. The architectural and security of the database is explained in subsequent sections.
- Activity Logs: We monitor your mouse movements and when you press keys on your keyboard at regular intervals that we set for your account. We do not record the specific keys you press. For example, if you press the “A” key, we do not save that the “A” was pressed. This ensures your activities are tracked for security purposes without capturing the exact information you type.
- System Logs: We collect information about your computer to provide visualization on machine usage. This includes details such as: • Memory (RAM): How much memory your computer has. • Disk Space: The amount of available storage on your hard drive. • Machine Name: The name of your computer. • CPU Information: Details about your computer’s processor. • Operating System (OS) Details: Information about the software your computer uses to run. We use this information solely to monitor system usage. We do not read/access or store any of your personal files or data.
- Applications & Processes: We monitor the applications and other programs running on your computer that helps in providing visualizations on which apps are max used by the you. We do not access, store, or monitor the content of the applications you use or the data within them.
Amazon S3 buckets
If screenshots are enabled for the given user, the Activity Logger application captures screenshots and stores the same directly in Amazon S3. The s3 bucket, its region, access key and secret are all configurable. We further encrypt the access key and secret using the key stored in AWS Secrets Manager. Hence, none of our developers can have any access to the screenshots. You can set up your own AWS region and s3 bucket along with the access key and secret.
What do we store in AWS S3
- Screenshots: Only when enabled for the signed in user, the screen shots are captured periodically and sent to s3. These screenshots are only accessible / viewable from our application which (a) uses the key from AWS Secrets Manager to decrypt the AWS access key and secret, (b) uses the decrypted key and secret to read the screenshot from s3, (c) serializes the image into byte stream, and (d) renders it back to the browser or the desktop app for viewing.
- User profile picture: You can upload your profile pic. This is also stored in s3. However, your profile pic is applicable in the app without any further security checks
Moreover, we employ a range of technical measures to ensure the security and confidentiality of data. These measures include robust encryption protocols, secure credential management, and controlled access to sensitive information. Our approach is designed to protect against unauthorized access and to maintain the integrity of the data we manage.
How do we ensure security?
Secrets Manager
This is the crux of our architectural approach to secure your data from our own internal team.. let alone the outer world.
We use AWS Secrets Manager to securely manage and protect your sensitive information. This includes database passwords, API keys, and other critical credentials, all of which are encrypted and only accessible to one single authorized person in our company. We reveal the personal details of this person on demand, once you have signed up with us.
Screenshots captured by the desktop application are directly uploaded to Amazon S3 from the user’s machine using encrypted Amazon S3 configuration. We store only encrypted Amazon S3 credentials in our database for each screenshot log, which are decrypted using the secret key stored in AWS Secrets Manager. Decryption occurs only when a user requests access to a screenshot through our application, which is secured by an authenticated API using a Bearer Token.
With on-prem solution, you can have your own database, s3 bucket and all access keys in your own AWS Secrets Manager account.
Database Security
Our database operates on an EC2 instance located in a private subnet within our VPC (Virtual Private Cloud). This setup isolates the database from direct internet access, adding an additional layer of security. Access to the database is tightly controlled and monitored to prevent unauthorized access.
Configuration Management:
Our configuration settings are stored in an encrypted format within our database. This includes configurations at various levels:
- Business Level
- Domain Level
- Project Level
- Team Level
- User Level
Admins have the flexibility to customize settings, such as specifying their preferred S3 bucket for screenshot storage instead of using the default Amazon S3 bucket provided by the platform.They can enable or disable logging and screenshot capturing at any level.This hierarchical structure allows granular control over configurations while ensuring data security through encryption.
Backups
Our database backups are stored periodically in a secured Amazon S3 bucket to ensure data protection and prevent data loss.
Authentication
We implement a role-based authentication policy to ensure that access to our systems and resources is granted according to the roles and responsibilities of individual users within the organization.
- User Roles: The policy defines various user roles within the platform, such as administrators, managers, and employees, each with specific permissions and access levels tailored to their job functions.
- Access Control: Access to the platform's features, data, and functionalities is restricted based on the user’s assigned role. Users can only access information and perform actions relevant to their role.
- Role Assignment: User roles are assigned by the system administrator or designated personnel upon user registration or as per organizational requirements. Role assignments are reviewed periodically to ensure they align with current job responsibilities. Admins can create roles and assign appropriate access levels to each.
Implementation Updates
We reserve the right to update or modify our technical measures based on evolving best practices and industry standards. These changes ensure that we continue to provide the highest level of data security and protection.