Ensuring the Security of Your Data

At Netice, protecting your data is our highest priority. This Security Policy outlines the comprehensive measures we take to safeguard your sensitive information while ensuring compliance with both the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR).This document complements our Terms of Use and Privacy Policy to provide a detailed overview of our security practices.

Security Scope for App Data Services

Netice’s primary service is the automated ingestion and structuring of platform-reported app revenue and monetization data (for example from app stores and supported ad networks) into customer-designated cloud environments. These workloads typically involve business and revenue reporting data rather than sensitive personal data. Netice processes such data only as required to execute customer-configured tasks and does not provide accounting, tax, or audit services.
When customers configure Netice to connect to third-party platforms, Netice uses customer-provided credentials and secure APIs to retrieve reports, normalize them, and deliver the results to the customer’s chosen destination. Any intermediate processing is transient and governed by the security controls described in this policy.

Security Measures for App Data Services and Data Transfers

Netice ensures highly secure data ingestion and delivery for App Data Services and other supported transfers, with encryption at rest and in transit. Netice implements strong encryption, secure authentication, and strict security controls. Where applicable and chosen by the customer and with a BAA signed, Netice may support HIPAA-aligned safeguards for PHI transfers via the U.S. based instance.

Netice implements strong encryption, secure authentication, and strict security controls. Where applicable and chosen by the user and with BAA signed, Netice ensures HIPAA compliance. Below are the key security measures:

1. Encryption at Rest (AES-256)

• Before any file is stored or transferred, it is encrypted using AES-256, ensuring data remains secure while in Netice’s ephemeral storage and deleted after the transfer process is over.
• Encryption keys are never hardcoded and are securely retrieved from AWS Secrets Manager or Google Cloud Secret Manager.

2. Encryption in Transit

• All communication with Google Cloud services (including BigQuery & Google Cloud Storage) and the SFTP server is encrypted using TLS 1.2+.
• If your transfer source or destination is SFTP, Netice requires secure encryption ciphers from your SFTP server, ensuring files are not transmitted in an insecure format.

3. Secure Authentication & Key Management

• Google Cloud authentication uses IAM-based service accounts instead of hardcoded credentials.
• Encryption passphrases are stored securely in AWS Secrets Manager instead of being exposed in logs or code.

4. SFTP Security Compliance

• Before the transfer begins, Netice validates the SFTP server’s encryption ciphers.
• The system rejects any SFTP server that uses outdated encryption like 3des-cbc.
• Only AES-128, AES-192, and AES-256 ciphers are permitted by Netice. This is to maintain Netice’s own security standards which are also shared by HIPAA compliance requirements. Netice ensures it is only involved in secure data transfers.
• Note: SFTP-based transfers are a legacy module and may be subject to retirement/deprecation as described in product notices. Security controls remain enforced for any SFTP tasks that are still active during transition periods.

5. Secure File Handling

• Files are temporarily stored on Netice’s ephemeral storage with AES-256 encryption and securely deleted after the transfer.

  Any data temporarily stored within Netice’s processing environment is protected with strong encryption at rest (AES-256 where applicable) and is deleted after task execution. Encryption keys are never hardcoded and are securely retrieved from secret management.

• Decryption only happens immediately before delivery to the client’s SFTP server to ensure the file remains encrypted throughout processing.

6. Access Controls & Logging

• All operations are logged securely for audit purposes.
• The system follows least privilege access principles, ensuring only authorized processes can handle data.
• SFTP credentials are securely managed, and while customers are strongly recommended to use private key authentication, in case of password credentials customers are required to use only strong passwords that, in practice, are not possible to be cracked with brute forcing.

7. Third-Party Platform Access Security (App Data Services)

• Platform integrations use vendor-supported authentication methods (e.g., OAuth or API credentials) where applicable.
• Integration credentials are stored encrypted at rest in managed secret storage and are never hardcoded in application code.
• Access is restricted to the minimum required permissions needed to retrieve the configured reports and execute the task.

8. Data Normalization and Output Safety (App Data Services)

• When data is transformed into structured tables or unified schemas, Netice applies schema stability and validation checks to prevent accidental corruption or column shifts.
• Deliveries to customer destinations are executed via secure connections and controlled service identities.

Netice Data Transfer Platform: A Secure Environment

• Data Accessibility: Accessing the Netice platform does not grant access to the data used in your transfer tasks. Data transfers occur in secure environments outside the platform, ensuring that your sensitive data remains isolated and protected.
• Secret Protection: Secrets such as Google Cloud service account keys, SFTP passwords, and private keys are encrypted and securely managed outside the platform using Google Cloud Secret Manager, ensuring no unauthorized access.

Storage and Encryption of Sensitive Data

Google Cloud Secret Manager, AWS Secret Manager

We utilize Google Cloud Secret Manager & AWS Secret Manager to store sensitive secrets such as SFTP passwords, private keys, and Google Cloud Platform (GCP) service account keys. Secret Manager provides a secure and convenient way to manage and access secrets, ensuring they are protected with encryption both at rest and in transit. This service also offers fine-grained access control and audit logs to monitor secret access, further enhancing security.

Storage of Platform Integration Credentials (App Data Services)

For App Data Services, Netice may store credentials required to access third-party platforms (for example app store or ad network report access) in managed secret storage (Google Cloud Secret Manager and/or AWS Secrets Manager). These credentials are encrypted at rest, access-controlled, and used only for executing customer-configured tasks. Credentials are not written to logs and are deleted upon task deletion and/or service termination as applicable.

Encryption of Sensitive Fields

Encryption Standards

All sensitive fields within our application are encrypted using industry-standard algorithms (e.g., AES-256). This ensures that sensitive information remains secure and unreadable by unauthorized parties.

Password Security

Password Encryption

User passwords are securely hashed and salted using strong cryptographic algorithms before storage. We employ algorithms such as bcrypt, which are designed to be computationally intensive, making brute-force attempts highly impractical. This method ensures that user passwords are protected.

Firebase Security Measures

Our application leverages Firebase Authentication for secure user authentication. Firebase provides several built-in security features:

1. Secure Authentication Tokens: Firebase generates secure tokens for authenticated sessions, which are short-lived and require re-authentication periodically.
2. Transport Security: All communications with Firebase services are encrypted using HTTPS, ensuring data integrity and confidentiality.
3. Multi-factor Authentication: Firebase supports multi-factor authentication (MFA), adding an extra layer of security by requiring users to verify their identity using multiple methods.

Secure Payment with Paddle

Payment Security

We use Paddle for secure payment processing. Paddle is a trusted payment platform that handles transactions with the highest security standards. It complies with the Payment Card Industry Data Security Standard (PCI DSS), ensuring that all payment information is processed securely. Paddle provides:

1. Encrypted Transactions: All transactions are encrypted, protecting user payment information during processing.
2. Fraud Prevention: Paddle employs advanced fraud detection and prevention measures to safeguard against unauthorized transactions.
3. Compliance: Paddle complies with global payment security standards, ensuring a secure payment experience for our users.

Compliance

GDPR

1. Data Minimization: Only the data necessary for providing our services is collected.
2. User Rights: Users can access, correct, delete, or restrict the processing of their personal data.
3. Data Transfers: All cross-border data transfers use mechanisms such as Standard Contractual Clauses.

CCPA

1. Right to Access and Deletion: Users can request access to their stored data and delete it via self-service or contacting support.
2. Do Not Sell: Netice does not sell personal data under any circumstances.
3. Identity Verification: A robust two-step identity verification process ensures compliance with CCPA’s standards for data access requests.

HIPAA

Netice may sign a Business Associate Agreement with its U.S. based clients.

Where a BAA is in place, Netice’s role is limited to processing data as instructed by the Covered Entity for the configured transfer tasks. Netice does not provide clinical systems, electronic medical record hosting, or patient-facing applications.

Web Security Enhancements

Cross-Site Request Forgery (CSRF) Protection

We have implemented CSRF protection to prevent unauthorized commands being transmitted from a user that the web application trusts. By including CSRF tokens in our forms and validating these tokens on the server side, we ensure that requests are genuine and initiated by authenticated users.

Content Security Policy (CSP) and Nonces

To mitigate cross-site scripting (XSS) attacks, we employ a Content Security Policy (CSP). CSP is a security standard that helps prevent a range of attacks by specifying which content sources are trusted. Additionally, we use nonces (cryptographic tokens) to ensure that only scripts explicitly approved by our server are executed, further bolstering our defense against injection attacks.

Security of the transferred data

We understand that the security and privacy of your data are of utmost importance. Under regular operations, we do not see any of the content in the data you transfer – your data is not provided for anyone to access, it is not distributed, sold or exposed in any way and all of this would go strictly against all that we stand for. We would like to assure you that our system is designed to handle your data with the highest level of confidentiality and security. App Data Services note: For app revenue and monetization data, Netice processes platform-reported business data and delivers the output into the customer’s designated cloud environment. Netice does not sell, train on, or redistribute customer data. Processing is performed only to execute configured tasks. Here are the key points regarding our data handling practices:

1. Temporary Data Storage:
   • Ephemeral Storage: Your data is only stored temporarily in our system. The files are transferred to a secure temporary directory solely for the duration of the transfer process.
   • Swift Deletion: Once the transfer to the intended destination is successful, the files are promptly deleted from the temporary storage to not be retained longer than necessary.
2. No Established Access:
   • Automated Processes: The transfer process is fully automated. Our system does not retain or have regular access to your data.
   • No Human Intervention: Under normal operating conditions, there is no human intervention required in the data transfer process, ensuring that your data remains private and unseen by our team.
3. Data Privacy Commitment:
   • Confidentiality: In addition to such actions being completely outside of our regular operations and strictly outside our code of conduct, no one in the organization has the regular permission to access the content of your data. Our role is solely to facilitate the secure transfer of your files from the source to the destination you specify. We categorically refuse to access the contents of the data, nor do we generally even have any of it available for us, due to our strict and swift deletion policy of transferred temporary files. The only exception would be 100% verified situations there would be a serious emergency or a highly critical situation and almost without exception initiated by the authorities or law enforcement.
   • Security Measures: We implement strict security protocols to protect your data during the transfer process, including encryption and secure connections.
4. Error Handling:
   • Exception Handling: In the event of an error during the transfer, our system is designed to log the error without exposing or retaining the data. Any necessary debugging is done with a focus on resolving transfer issues rather than accessing data content.
5. User Control:
   • User-Driven Transfers: You have complete control over the data transfer operations. The files are processed based on your configurations and requirements.

By adhering to these practices, we ensure that your data remains secure, private, and only handled in a manner necessary to facilitate the transfer you have requested. Your trust is important to us, and we are committed to maintaining the integrity and confidentiality of your data.

Your trust is what matters the most to us

By integrating these comprehensive security measures, Netice ensures the highest level of data protection and user privacy. We remain committed to continuously enhancing our security practices to maintain the trust and safety of our users.

For more information about our security practices and how we protect your personal information, please refer to our privacy policy.