Find out exactly how Archie protects your data and privacy
The core tenets of Archie’s security program are to safeguard customer data and to maintain customer trust. Archie uses a defense-in-depth approach to implement layers of security throughout our organization.
Data you store in Archie products is yours -- we put our security program in place to protect it, and use it only as permitted in our policies. We never share your data across customers and never sell it.
Whether it’s GDPR or a similar local regulation, it’s more important than ever that your teams be mindful of data privacy.
All customer data is securely sent to the cloud using SSL/TLS v1.2 or above. For better performance, we also support HTTP/2. Atlas on GCP for databases and GCS for object storage encrypt data at rest. The most secure one-way encryption is used to hash passwords. Clients use a token mechanism to log in with Archie. Our entire IT infrastructure is hosted on the cloud.
To maintain a high-security score, servers are maintained on a regular basis. Vulnerabilities are tracked by a combination of automatic mailing lists and real-time monitoring of vital systems.
Archie uses Atlas to deliver its database group to GCP. It is hosted by data centers that have received the highest level of accreditation, such as ISO 27001 and SOC 2. Visit GCP Security and GCP Compliance for additional information on compliance.
All application servers are located in Canada, however, they may be accessed from anywhere in the world over the internet. Archie's CDN provides static materials (such as web page stylesheets and profile photos) from servers all over the world, but it never touches critical client information.
Data is backed up every 6 hours and stored in the GCP data center, which is located off-site. The physical security of these sites is overseen by GCP, and who gets access is strictly controlled by Atlas. We save backups for a year, after which the data becomes absolutely unusable.
To maintain a high-security level, servers are maintained on a regular basis. Vulnerabilities are tracked by a combination of automatic mailing lists and real-time monitoring of vital systems.
We recognize the value of dependability and strive for a 99.9% uptime. We use third-party monitoring services like Sentry and GCM to keep track of uptime.
Before being sent to production servers, all code is verified and peer-reviewed. We also keep an eye on security community updates and upgrade our systems as soon as new vulnerabilities are disclosed.
We have a rigorous policy in place to protect the privacy of sensitive customer information: we will never sell your visitors’ or employees' data, and we will never contact them without their consent. Only in the event of a technical support issue that necessitates immediate action can our support team gain access to your account.
Archie makes it simple to manage data and rights for many facilities from a single location, no matter where you are. Customers can grant the appropriate Archie access to certain team members on a global or location-specific level using role-based management. To further limit access, SSO (SAML) can be used to integrate with your single sign-on identity provider.
We recognize the impact that regulatory obligations have on your company. That's why, in addition to improving our own body of compliance qualifications, we're devoted to delivering features that can assist you with your compliance initiatives.