ChurnZero helps growing SaaS companies fight customer churn. The ChurnZero real-time customer success platform helps businesses understand how their customers use their product, assesses the customers’ health, satisfaction and likelihood to renew, and gives the business the means to automate and personalize the customer experience through timely and relevant touchpoints, including in-app content.
ChurnZero realizes that helping to protect our customers’ data, comply with applicable security regulations, and mitigate potential risk is essential to building trust and delivering a high level of service. ChurnZero takes a risk-based approach to security, and this paper details some of the many measures and technologies in place to protect our customers.
ChurnZero is wholly hosted in the Amazon Web Services Public Cloud (AWS). All AWS security best practices are adhered to. ChurnZero employs a least access security methodology. Users with access to the platform are given the minimum level of access required for their job function, and access is audited every 90 days.
Access to the platform from the internet is disabled at the edge, with the only access to the platform through an IPsec VPN. ChurnZero does not use or allow access to the platform from a bastion or jump host. The ChurnZero network is segmented so that Internet traffic can reach only the load balancing infrastructure, and traffic to front end servers is limited to traffic received directly from the load balancing infrastructure. Access to server resources that are not customer facing (database, file and infrastructure) is completely restricted to internal access and unreachable from the edge.
ChurnZero utilizes a variety of technologies to deliver our services. Consistent with industry best practices, ChurnZero DevOps closely inspects all services to identify unnecessary ones and removes and/or disables them to reduce exposure to security threats.
ChurnZero has strict policies and procedures in place to update all components of the ChurnZero Platform including operating systems, databases, etc. with their vendors’ security patches.
Access for DevOps users is granted on a least access method. Strong passwords are required and are rotated on a regular basis. In addition to password security, multi-factor authentication is required for all user accounts. Access to the root account has been restricted, and multi-factor authentication is enabled to prevent unauthorized access to the root account.
All traffic into and out of the ChurnZero Platform is encrypted using the TLS/SSL protocol that leverages either SHA-2 or AES algorithms.
Data is encrypted using the Advanced Encryption Standard (AES) algorithm in Galois/Counter Mode (GCM), known as AES-GCM, with 256-bit secret keys. Encryption keys are stored using a Key Management Service. Databases are encrypted at rest as well as in flight between the underlying volume and the compute instances.
Event Log data for all servers is shipped to a central log management solution and stored for a minimum of 7 days.
All files uploaded to the ChurnZero Application are scanned before acceptance.
Customer data is stored in a unique customer specific database schema.
Data is backed up continuously for two weeks for point-in-time recovery. In addition, weekly snapshots are retained for two months. Snapshots are scheduled and executed daily on all critical server infrastructure. All backups are encrypted in transit and encrypted at rest.
Customer data may only be accessed through the application layer. Whether this access is through the user interface or through the publicly available API, it enforces user access controls that restrict access to customer data to authorized users only. As such, ChurnZero does not provide direct access to any database. This approach prevents unauthorized services or systems from accidentally or maliciously retrieving or modifying customer data.
The ChurnZero Application allows the customer to define user roles that control which objects and capabilities within the ChurnZero Application the user will have access to.
User session expiration (or user session timeout) allows the customer to specify a period of inactivity after which user sessions are terminated and users are automatically logged out of the ChurnZero Platform.
The ChurnZero application stack is continuously monitored for vulnerabilities and anomalies. We work with industry leaders like Threat Stack, Detectify and Datadog to have deep, real-time visibility across our infrastructure in order to maintain continuous security for our customers and their data.
With breach detection based on behaviors, we minimize the time that our team needs to spend on identifying and analyzing an incident, and on processing and reporting after security alerts or incidents.
ChurnZero employees undergo periodic training to focus employee attention on compliance with corporate security policies. For example, ChurnZero DevOps and Professional Services staff who handle sensitive customer information undergo security, auditing, access and compliance training.
Data sovereignty is a complex issue that ranges from the technical to the regulatory. Understanding the complexities of the issue, ChurnZero operates data centers in the United States to serve the US and most other North American companies and also in Ireland to support customers in the European Union.
All systems in the ChurnZero Application are highly available.
All critical data is copied on a nightly basis to another region on the same continent.
ChurnZero continuously scans for hundreds of database and web application vulnerabilities, including the OWASP Top 10.
ChurnZero has yearly third-party vulnerability and penetration testing.
All customer data is deleted within 90 days of contract expiration.