Zingtree Data Security Plan

Disaster Recovery and Data Security information

 

Overview

Zingtree data consists of two parts: the decision trees that our customers (authors) build, and any data collected from end-users' use of those trees.

Data Custodian

Zingtree's CTO will serve as the primary data custodian.

Data Sensitivity

We treat all customer data as equally sensitive.

Data Flow and Transmission

Decision trees are built in the author's browser. Zingtree sessions default to HTTPS, so there is no chance of a man-in-the-middle attack gaining access to the tree data.

For end-users, trees can be deployed over HTTPS. Session history data is also sent to Zingtree's servers over HTTPS via an AJAX call from the end-user's browser.

Data Storage

Both decision trees and session history data are stored in a database server. Our infrastructure uses Amazon RDS with a MySQL database.

Data Access

Decision tree authors access trees by logging in at https://zingtree.com. Authors can also access reports and session data via this login.

End-users may access trees via a secret URL, or via an iframe embedded on a web page in a customer's intranet or website. In addition, end-user access may be restricted by IP address filtering using CIDR notation.

Data Backup and Disaster Recovery

For tree authors, Zingtree has a Snapshots tool, which archives every change made by tree authors and makes it easy to restore a decision tree to a previous state or compare versions. Paying customers can also export decision trees to CSV or JSON format, and use Zingtree's reports or APIs to extract customer session transcripts and collected data.

At the server infrastructure level, our Amazon RDS system automatically includes daily and weekly backups. Read Amazon's whitepaper detailing their Disaster Recovery plan.

Data Retention (Archiving)

All data collected by Zingtree is saved forever. Individual sessions may be deleted by any authorized author.