You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: _account-security/security/stitch-security.md
+8-13Lines changed: 8 additions & 13 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -53,7 +53,7 @@ sections:
53
53
anchor: "stitch-access"
54
54
content: |
55
55
- Stitch strictly controls access to data and credentials and requires them to be encrypted using industry-standard methods both at rest and in transit within our [environment](#environment).
56
-
- Stitch's secure infrastructure is a closed network protected by multi-factor authentication and accessible only to qualified members of our engineering team. On the rare occassion that a Stitch engineer needs to read or move data to investigate an issue, your data will never leave our infrastructure.
56
+
- Stitch's secure infrastructure is a closed network protected by multi-factor authentication and access is limited on a need-to-know basis.
57
57
58
58
Additionally, all members of the Stitch team - not just engineers - have signed non-disclosure agreements.
59
59
- Stitch's data centers are protected by electronic security, intrusion detection systems, and a 24/7/365 human staff.
@@ -63,16 +63,11 @@ sections:
63
63
- title: "PII stored by Stitch"
64
64
anchor: "stitch-pii-stored"
65
65
content: |
66
-
Stitch stores some PII (Personal Identifiable Information) related to your account. This PII is provided during signup and includes:
67
-
- First and last name
68
-
- Email address
69
-
- Company name
70
-
- Country and state
71
-
- Phone number
72
-
- Billing address
73
-
74
-
The only PII that goes through Stitch is the data sent from your source. This data is not stored outside of our [retention window](#data-retention).
75
-
Additionally, Stitch collects performance metrics, but these do not include any customer-provided information. Stitch also stores table names for functional reasons.
66
+
Stitch processes personal data related to your account. For more information on what personal data we process, see the [Qlik Privacy & Cookie Notice](https://www.qlik.com/us/legal/privacy-and-cookie-notice).
67
+
68
+
You may send customer data that includes personal data through Stitch from your source. Stitch does not retain customer data long-term. It extracts data from your connected source systems, temporarily buffers that data in Qlik/Stitch-controlled storage to complete processing and loading, and then loads it into the destination you specify. Data held in this intermediate storage is automatically deleted once it's no longer needed for replication.
69
+
70
+
Data is not stored outside of our [retention window](#data-retention).
76
71
77
72
78
73
@@ -272,7 +267,7 @@ sections:
272
267
{% endfor %}
273
268
</table>
274
269
275
-
To summarize, all data that Stitch processes for customers will be deleted from our systems within 30 days.
270
+
To summarize, all data that Stitch processes within the product for customers will be deleted from our systems within 30 days.
276
271
277
272
- title: "Protocols and recommendations"
278
273
anchor: "stitch-protocols-recommendations"
@@ -293,7 +288,7 @@ sections:
293
288
content: |
294
289
If our team verifies a security vulnerability in our system, our first priority is to prevent its exploitation. After it’s contained, we do a thorough analysis to determine the scope of impact and notify affected users within 24 hours.
295
290
296
-
If you believe you’ve found a security vulnerability in Stitch, we encourage you to let us know right away by emailing [security@stitchdata.com](mailto: security@stitchdata.com). We request that you do not publicly disclose the issue until we have a chance to address it. We won’t pursue legal action as long as you make a good-faith effort to avoid privacy violations and destructive exploitation of the vulnerability.
291
+
If you believe you’ve found a security vulnerability in Stitch, we encourage you to let us know right away by emailing [security@qlik.com](mailto: security@qlik.com). We request that you do not publicly disclose the issue until we have a chance to address it. We won’t pursue legal action as long as you make a good-faith effort to avoid privacy violations and destructive exploitation of the vulnerability.
297
292
298
293
We will respond as quickly as we can and reward the confidential and non-destructive disclosure of any design or implementation issue that could be used to compromise the confidentiality or integrity of our users' data (such as bypassing our login process, injecting code into another user's session, or acting on another user's behalf) with some swag. Other issues may be rewarded at our discretion.
Copy file name to clipboardExpand all lines: _data/stitch/compliance.yml
+6-8Lines changed: 6 additions & 8 deletions
Original file line number
Diff line number
Diff line change
@@ -14,9 +14,9 @@
14
14
level: "full"
15
15
tier: "all"
16
16
description: |
17
-
**Stitch is fully compliant with the European Union's Global Data Protection Regulation, or GDPR.**
17
+
Stitch maintains a privacy program built to ensure that we comply with the privacy laws relevant to our business, such as the EU's GDPR.
18
18
19
-
The [Stitch Terms of Use](https://www.stitchdata.com/terms/){:target="new"} includes a Data Processing Addendum (DPA) that enacts standard contractual clauses set forth by the European Commission to establish a legal basis for cross-border data transfers from the EU. The [Stitch Privacy Policy](https://www.stitchdata.com/privacy){:target="new"} also includes specific GDPR requirements. Learn more about Stitch's efforts [in this blog post](https://www.stitchdata.com/blog/stitch-is-now-gdpr-compliant/){:target="new"}.
19
+
Stitch makes a Data Processing Addendum (DPA) available for customer execution found here. The [Qlik Privacy & Cookies Notice](https://www.qlik.com/us/legal/privacy-and-cookie-notice){:target="new"} also includes specific GDPR requirements.
20
20
21
21
Additionally, Stitch supports selecting the region in which you'd like your account's replicated data to be processed. Refer to the [Data processing section](#data-processing) for more info.
22
22
@@ -34,18 +34,16 @@
34
34
level: "some"
35
35
tier: "all"
36
36
description: |
37
-
**Stitch doesn't currently support replicating data in a PCI-compliant manner.** To log feedback about replicating data subject to PCI requirements, reach out to our [support team] ( {{ site.support }}).
37
+
Stitch doesn't currently support replicating data in a PCI-compliant manner.
38
38
39
39
However, all payment information submitted through Stitch's billing interface to pay for your subscription is handled in a PCI-compliant manner.
40
40
41
-
- id: "privacy-shield"
42
-
name: "Privacy Shield"
41
+
- id: "eu-uk-data-privacy-framework"
42
+
name: "EU/UK Data Privacy Framework"
43
43
level: "full"
44
44
tier: "all"
45
45
description: |
46
-
**Stitch is certified under the [US-EU and US-SWISS Privacy Shield Programs](https://www.privacyshield.gov/participant?id=a2zt0000000GnxUAAS&status=Active){:target="new"}**, meaning any EU or Swiss data transfer will be handled in accordance with the principles laid out in the Privacy Shield Framework.
47
-
48
-
For more information on Privacy Shield, check out the previous link or [this FAQ on the program](https://www.privacyshield.gov/Program-Overview){:target="new"}.
46
+
Stitch's parent company Qlik is certified under the EU/UK – US Data Privacy Framework.
0 commit comments