Product

Wondaris is a Audience, Enrichment and Activation Platform that drives business outcomes

Privacy & Security

Our commitment to the security & privacy of your data.

Overview

At Wondaris we know the importance (and value) of data - both to your business & to the data subjects (your customers) - and as such, we take privacy and information security extremely seriously.

We are committed to the security & privacy of your data and the data subjects it pertains to; which is why at every stage of our operations and embedded deeply within our platform, we go to great lengths to ensure your data is safe & secure.

This security overview page provides a high level look into our security stance to provide you with the confidence that we have the ability to uphold those high standards.

Product Description

Data Processing - The Wondaris platform is a single-tenant SaaS platform that unifies, stores, processes and enriches customer data to provide improved audience insights, primarily for marketing and communication campaigns.

Activation - Enriched audience segment can be pushed (via API) to 3rd Party activation platforms such as CRM, Digital Advertising Platforms (for example Google, Facebook), analytic platforms and BI tools

ISO/IEC 27001:2013

Wondaris is an ISO 27001 Compliant and certified business and conducts regular internal and external audits of our systems and processes to ensure continued compliance.

Infrastructure

Wondaris is a cloud-first business, meaning that all of our services run in the cloud. We don’t have any internal servers, networks, load balancers, DNS servers or any other infrastructure; our services are built on the Google Cloud Platform, which provides extremely strong security measures to protect our infrastructure and are compliant with most certifications. You can find out more about Google Cloud Platform’s security credentials here: https://cloud.google.com/security/compliance

Isolation

All data infrastructure within Wondaris is isolated using a single-tenant setup within Google Cloud. This ensures your customer data can never spill out to other users’ views, ensuring the highest security stance at an infrastructure level.

This also means that the data infrastructure can be run inside your Google Cloud organisation, providing you with even more confidence in the security of your data.

Data encryption

All data within Wondaris is encrypted in flight and at rest.

We use Google Cloud’s default encryption methods to encrypt data at rest. Information about Google Cloud’s encryption at rest can be found here: https://cloud.google.com/security/encryption/default-encryption

SSL / TLS

All of our public facing services use strong SSL / TLS encryption, limiting the ciphers used to those that provide the highest possible protection.

Wondaris maintains and runs regular SSL testing to ensure a minimum score of “A” for all platforms, using SSL Labs’ scanning - results of our most recent scans can be found below:

Public facing platform SSL termination occurs in Google Cloud’s load balancers, and all internal traffic is also encrypted as it flows through the Google Cloud network.

Data ingress

Data ingress is completed via several methods; for the most part, the data will be sent to the BigQuery datasets within the GCP Project directly via the GCP mechanisms (i.e., Dataflow, scheduled queries or materialised views).

Data egress

Occurs via the secure APIs provided by the various third parties (e.g.: Google Ads, Facebook Ads). These are all secured by oAuth2 and externally controllable by the client (ie, the tokens can be revoked from Wondaris at any time within the third-party platforms).

All API communication, whether that is internally between our services or to external providers is encrypted using SSL / TLS certificates.

Security Monitoring

Monitoring

We use Google Cloud’s automated monitoring & alerting mechanisms to detect errors, monitor logs & detect anomalies in our platform services.

Logs are collected and stored to provide us with audit trails of all activities within our platform services.

We have deeply integrated monitoring tools within our codebase, such as Open Telemetry to ensure our microservices are running in an optimal fashion for our users.

Uptime & error alerts are set up for Wondaris - these are sent to multiple channels (removing the reliance on a single notification mechanism) - our public uptime pages can be found here: https://stats.uptimerobot.com/DZ2PwhB8j9

Vulnerability scanning

The Wondaris platform is routinely monitored for vulnerabilities - at a code level (via static code analysis & dependency analysis), infrastructure level (via GCP security scanning), and via automated network & server scanning.

We run automated monthly penetration tests via our chosen provider Intruder.io. These scan over 10,000 known vulnerabilities in our public and private services, using industry-leading scanning engines. It scans for vulnerabilities such as misconfigurations, missing patches, encryption weaknesses, and application bugs in unauthenticated areas. On top of the monthly scans, emerging threat scans are run on-demand when threats are listed as Common Vulnerabilities and Exposures (CVEs) and can be tested for - these are often multiple times per week (sometimes multiple times a day!).

Platform Security Controls

Identity & Access Management

Identity & Access management within the Wondaris platform is controlled by the client. At least one user is provided with an “owner” role to control all access levels within the Wondaris platform. We also have various other roles that provide granular access control to various functions within the platforms.

Logging

Wondaris has internal logs that it maintains and surfaces into the Wondaris platform user interface (where required) for various functionalities, such as data ingestion, CDP processing & activation sends.

Wondaris has deeper infrastructure logs (that DO NOT CONTAIN any business or customer data) - should the client require access to logs for compliance reasons we are happy to work with them to provide them.