ScreenSteps follows standard security best practices. This document details our current practices. Please feel free to contact us at firstname.lastname@example.org with any questions.
All requests to ScreenSteps are made over SSL connections EXCEPT in the following cases:
- When the account user has created a public-facing site that does not require a login
- When the account user is using a host-mapped domain and has not added an SSL certificate for that domain
ScreenSteps consists of a hosted web application as well as a downloadable desktop application.
The desktop application is available for Mac and Windows and communicates over SSL directly with the ScreenSteps web application.
The ScreenSteps web application is hosted on the Amazon Cloud. Image data is stored in the Amazon S3 service.
IT services for ScreenSteps are provided by EngineYard. EngineYard maintains our technology stack and assists in identifying and applying security updates.
Access to your data
There are two parts to your data:
- Log data for the application
- The text content that is stored in a database
- The image data that is stored on Amazon's S3 servers
Your database content is only accessed by people you authorize on your account. Your database content may be accessed by a ScreenSteps admin to provide troubleshooting assistance or feedback. This is only done after receiving permission from an administrator on your account.
ScreenSteps maintains application logs. These logs will contain text data that is sent from the ScreenSteps desktop application or the web application. Password data is automatically filtered out. Logs are only used by the ScreenSteps team to troubleshoot customer issues and improve application performance.
ScreenSteps uses a third-party tool to aggregate log data. Please contact us if you would like more information about the vendor we use.
Images are stored on Amazon's S3 storage service. If you are working in a protected site, then each image will have an expiring URL. That means that after a certain time period, the URL that points to the image will need to be regenerated by the ScreenSteps application.
If you mark a site as public or enable the HTML copy feature on your site, then images are stored with a public URL that does not expire.
All ScreenSteps employees receive security training and do their best to implement security best practices.
- Employees are trained in security best practices
- Computer workstations all use industry-standard encryption
- All workstations have security software installed which is regularly updated
- Employees are trained to never disclose personal data to unauthorized people, either within the company or externally
- The only people who have access to personal data are those who need that data to perform their job function and/or support our customers.