Security is the backbone of our success
ProfitWell is the world’s leading provider of subscription analytics, pricing, and retention software. Over ten thousand companies in more than 50 countries use ProfitWell’s software, services, and support to change the way they view and grow their recurring revenue businesses.
ProfitWell’s primary security focus is to safeguard our customers’ and users’ data, which is why ProfitWell has invested in the proper resources and controls to protect and service our customers. Our security and privacy program follows a framework built on SaaS industry best practices, with key objectives centering on:
- Data privacy and safety: Deliver a superior product and service to our users and customers while protecting the privacy and confidentiality of their data
- Service continuity: Maintain ongoing availability of ProfitWell and data to all authorized individuals
- Data and Service Integrity: Ensure that user and customer data is never corrupted or altered inappropriately
- Compliance and Best Practices: Implement processes and controls that align with current international regulatory and industry best-practice guidance
ProfitWell values transparency when it comes to security and privacy, to the extent that we can be transparent without exposing ourselves to vulnerabilities. This document is designed with that transparency in mind. We are continuously improving the protections we have implemented, and the information in this document is updated accordingly.
If you’d like more detail or wish to complete a security and risk assessment, email Product@ProfitWell.com to get routed to the appropriate person.
Security and Privacy at a Glance
Our success hinges on providing a safe and trustworthy environment for your subscription data. Protecting your data is our obsession, which involves a cross-functional approach with initiatives big and small. Here’s an overview of the major themes of our privacy and security protocols.
Data Privacy and Use
- Data is never sold and rarely accessed: Your data is your data and will never be sold to third parties. Further, your data is only accessed with permission or in the event of a security or QA issue.
- GDPR Compliant: ProfitWell maintains compliance with the EU’s General Data Protection Regulation and maintains product features, corporate protocols, and legal documents to help our users and customers comply.
- EU-US and Swiss-US Privacy Shield Certification: ProfitWell has certified its compliance with the EU-US and Swiss-US Privacy Shield frameworks.
Resiliency and Availability
- 99.9% Uptime: ProfitWell’s availability is consistently above 99.9%. Customer data is 100% backed up to multiple online replicas with additional snapshots.
- 24x7x365 Monitoring: Our product and operations teams monitor application, software, and infrastructure behavior using proprietary and industry-recognized solutions.
- Data Center Redundancy: ProfitWell maintains multiple failover instances to prevent outages from single points of failure.
Application and Software Security
- Data Encrypted in Transit: Data sessions are always protected with advanced TLS protocols and 2,048-bit keys.
- Data Encrypted at Rest: All databases are encrypted at rest using Amazon's Key Management Service (KMS). The same encryption applies to the disks used for our production application servers as well.
- Security incorporated into the SDLC: ProfitWell code is held to a high standard from conception to deployment. We use code analysis to ensure security best practices are built directly into the software development lifecycle (SDLC).
- Responsive incident response program: ProfitWell’s incident response program, including its process flows and investigation data sources, follows standard incident response structures to ensure that the right steps are taken when a vulnerability is discovered.
Data Centers and Network Security
- Utilize leading, compliant data centers: ProfitWell products are hosted with the world’s leading data center providers. Access to these data centers is strictly controlled. These partners are SOC 2 Type II and ISO 27001 certified and provide N+1 redundancy to all power, network, and HVAC services.
- Diverse data center infrastructure: ProfitWell infrastructure is distributed to ensure that a single failure does not impact our users and customers.
- Network firewall protection: ProfitWell defends against network attacks with monitoring and protections, including tightly controlled network-level firewalling.
Audits and Penetration Testing
- 3rd-Party Network Penetration Testing: ProfitWell engages industry-respected 3rd-party penetration testing firms twice per year to test our network, product, and corporate infrastructure.
- 3rd-Party Physical Penetration Testing: Once per year, ProfitWell engages industry-respected 3rd-party penetration testing firms to test our physical office security.
- Numerous external audits and assessments: ProfitWell is certified under the EU-US and Swiss-US Privacy Shield Framework. Our data center providers maintain ISO 27001, SOC 2 Type II, and many other certifications. We also keep numerous completed security questionnaires from our vendors on file, including Google’s VSAQ.
If you’d like access to our full security, privacy, and risk assessment, email Product@ProfitWell.com.