Enterprise data policy addendum

This addendum is supplementary to the main Privacy Policy, supplying additional information required by enterprise clients.

For additional information, or for customization requests to meet stricter data security requirements (e.g., creating a dedicated cloud environment in your private network), please reach out via Enterprise@BlazeSQL.com.

Data policy addendum

Last updated: 29.06.2023

This data policy addendum provides supplementary information on how Blaze Analytics ("we" or "us") processes the data you provide when using our website and AI-based SQL chatbot service (the "Service"). It is supplementary to the Data Privacy Policy.

Data Encryption:

1. Data-at-Rest Encryption

BlazeSQL, powered by Google Cloud Platform, automatically provides encryption at rest. All user data stored in our applications is secured under the 256-bit Advanced Encryption Standard (AES-256). This encryption method is applied to all data within the computing, storage, networking, and off-site media at Google data centers.

2. Data-in-Transit Encryption

BlazeSQL ensures that all data-in-transit is securely encrypted using HTTPS with Transport Layer Security (TLS). This security measure ensures that all communications between BlazeSQL and the cloud servers are securely encrypted, thwarting any potential data interception.

3. Google Cloud Firestore Data Encryption

Google Cloud Firestore, which BlazeSQL uses for data storage, automatically encrypts all data both at rest and in transit. Advanced custom security rules can be used to control access to critical data, ensuring that only authorized parties are permitted to read or write data.

4. Enterprise Compliance

Google Cloud Platform holds several key security accreditations including ISO 27001, ISO 27017, ISO 27018, SOC 1, SOC 2, SOC 3, and GDPR. For specific enterprise needs, Google Cloud additionally offers Cloud HSM to manage cryptographic keys, adhering to FIPS 140-2 Level 3 compliance.

Access permissions:

Databases added to BlazeSQL are controlled by the person who added them ("the admin"). Only individuals explicitly selected by the admin ("invitees") can view the database.

Invitees have either read-only access or read-and-write access (creating, updating, and deleting tables), depending on the level of access granted by the admin.

Logging and accountability:

Enterprise customers can opt to record events for monitoring and troubleshooting system performance and security. Users require unique accounts, allowing enterprise customers to precisely monitor and trace all activity.

• User Activity: Details like who generated, modified, or deleted SQL queries, which data they accessed, the timestamp of their activities, and more.

• Security Events: Failed login attempts, changes in user roles, or access permissions.

• System Activity: Records of system events, such as system shutdown, updates, or system errors.

Incident response:

In the event of an incident, BlazeSQL has the following customizable response strategy:

1. Identification and Reporting

BlazeSQL will leverage Google Cloud Platform's (GCP) built-in security controls and Firebase's real-time monitoring capabilities to ensure quick identification of potential incidents. Any unusual system activities will be instantly flagged and reported.

2. Assessment and Analysis

Upon notification, BlazeSQL's dedicated security team will assess the reported incident's severity, documenting the extent and potential impact and prioritizing incidents according to their severity.

3. Containment and Eradication

The team will immediately isolate the affected components to limit any potential data exposure or system damage, leveraging GCP and Firebase's infrastructure to control the situation. The source of the incident will be identified and eradicated.

4. Recovery

BlazeSQL will utilize GCP's robust data recovery and backup solutions to restore affected services and data. The recovery timeline will largely depend on the incident's nature and severity.

5. Post-Incident Review

Post-recovery, an incident review will be conducted to understand the root cause, measure the effectiveness of the response, identify any gaps in security controls, and develop a plan to strengthen system security and prevent repetition.

6. Communication

Transparent and timely communication will be maintained with all stakeholders throughout the process. Post-incident, concrete steps taken and improvements in system security will be communicated to reinforce confidence in BlazeSQL's commitment to data security and privacy. All incident response actions will align with BlazeSQL’s stated data privacy and security policies, as well as regulatory requirements. BlazeSQL is committed to continually improving its incident response action plan so it can swiftly react to and recover from any potential security incidents.

Contact Us:

If you have any questions or special requirements that are not met by the standard data policy, please contact us at: Enterprise@BlazeSQL.com