This article provides a comprehensive reference on how Userorbit stores, processes, and protects customer data, detailing our infrastructure, security measures, and compliance practices. This information is crucial for understanding our data handling protocols and is particularly relevant for enterprise procurement and compliance assessments.
Properties
- Cloud Provider —
AWS (Amazon Web Services)— Userorbit's entire infrastructure is hosted on Amazon Web Services (AWS), leveraging its robust, scalable, and secure global network. - Data Center Locations —
Multiple Regions— Primary data processing and storage occurs within AWS data centers in theUS East (N. Virginia)andEU (Frankfurt)regions. Data residency can be configured for specific enterprise plans. - Database Types —
PostgreSQL, Redis, S3— We utilize PostgreSQL for relational data, Redis for caching and real-time operations, and Amazon S3 for secure and scalable object storage of larger data assets and backups. - CDN for SDK Delivery —
Amazon CloudFront— Userorbit's SDKs are delivered globally via Amazon CloudFront, AWS's content delivery network, ensuring low latency and high availability for end-users accessing product experiences built with Userorbit. - Data Retention Policies —
Configurable & Standardized— Data retention policies are configurable by customers within their Userorbit account settings. By default, raw event data is retained for 12 months, and aggregated analytics data for 24 months, with options for extended retention based on service agreements. - Backup Schedule and Recovery —
Daily & Point-in-Time— All critical data is backed up daily with point-in-time recovery capabilities. Backups are encrypted and stored in geographically separate AWS regions to ensure disaster recovery readiness. Recovery Time Objective (RTO) and Recovery Point Objective (RPO) are defined in our service level agreements. - Data Processing Sub-processors —
Strictly Vetted— Userorbit engages a limited number of vetted sub-processors for specific functions such as email delivery and error monitoring. A comprehensive list of current sub-processors is maintained and available upon request, adhering to strict data protection agreements.
Examples
Userorbit's data architecture is designed for high availability, security, and compliance. All data-in-transit is encrypted using TLS 1.2+, and data-at-rest is encrypted using AES-256. Access to production environments is strictly controlled, logged, and monitored, following the principle of least privilege. Our infrastructure is regularly audited for security vulnerabilities and compliance with industry standards such as SOC 2 Type II.
Notes
- For detailed information regarding our security practices, please refer to our Security Policy document.
- Specific data residency requirements can be discussed during enterprise onboarding to ensure compliance with regional regulations.
- Customers have full control over their data within the Userorbit Admin Panel, including export and deletion functionalities.