Exploratory Security

We know your data is extremely important to you and your business, and we're very protective of it.

Exploratory currently offers three types of services and products.

Exploratory Desktop

This is the core part of Exploratory, where users perform data analysis. You can import data from various data sources, and it will always be stored and processed locally on that device unless you explicitly publish your data, charts, or notes to Exploratory Collaboration Server or Exploratory Cloud Server to share or schedule.

Exploratory Cloud

When you publish your data, charts, or notes to Exploratory Cloud Server (https://exploratory.io) in order to share or schedule, they will be encrypted and stored in our hosted databases that are reasonably secured and protected. This means that if you store information in or submit data to Exploratory Cloud Server, you acknowledge your information and data will be transmitted to, hosted and accessed in the United States.

We use industry standard encryption to protect your data in transit. This is commonly referred to as transport layer security (“TLS”) or secure socket layer (“SSL”) technology. However, internet data transmissions cannot be guaranteed to be 100% secure, and we cannot ensure the security of information during its transmission between you and us. Accordingly, you acknowledge that when you transport such information, you do so at your own risk.

If Exploratory learns of a security system breach, we may attempt to notify you and provide information on protective steps, if available, through the email address that you have provided to us or by posting a notice on our web site and/or via other communication platforms. Depending on where you live, you may have a legal right to receive such notices in writing.

Exploratory Collaboration Server

We're extremely concerned and active about security, but we're aware that many companies are not comfortable hosting code outside their firewall. For these companies we offer Exploratory Collaboration Server, a version of Exploratory Cloud that can be installed on a server within the company's network.

Data Center Security

Exploratory Cloud is hosted at DigitalOcean's data center, which is audited and certified under various internationally recognized compliance standards. Please see DigitalOcean's policy page for more details.

Software Security

We employ a team of 24/7/365 server specialists at Exploratory to keep our software and its dependencies up to date, eliminating potential security vulnerabilities. We employ a wide range of monitoring solutions for preventing and eliminating attacks on the site.

Security Engineering Practices

Exploratory’s engineering team is responsible for ensuring that security is a key component of the entire development process. From design reviews, to test cycles, to bug triage, security issues are closely tracked and monitored. All security issues are thoroughly researched, resolved, and then re-tested to ensure they are properly remediated. Additionally, we require key engineering team members to go through secure code development training. Training is delivered at regular intervals or as needed for new hires. This is done to ensure that coding and testing are done with security in mind.

Security Monitoring, Testing and Validation

Exploratory performs in-house vulnerability and web application scans as part of our standard product testing process for every release. Our dedicated security testing staff performs tests using a variety of automated and manual testing procedures. Test plans include test cases for common vulnerabilities as well as top vulnerabilities published by the Open Web Application Security Project (OWASP). We also monitor the National Vulnerability Database for vulnerabilities that may affect third-party components included in our products.

Customer Segregation

Exploratory Cloud is multi-tenant and does not segment your data from other users’ data. Your data may live on the same servers as another user’s data. We consider your data private and do not permit another user to access it unless you explicitly share it.

Data Retention and Deletion

Exploratory Cloud retains your content unless you take explicit steps to delete data, charts, and notes. For information on how to delete them, please see this help document. For information on our retention policies, please refer to the section of our privacy policy, titled “Data Retention and Deletion”.

Employee access

No Exploratory employee ever accesses your private content, including data, charts, and notes you publish to Exploratory Collaboration Server, unless required for support reasons. Support staff may sign into your account to access settings related to your support issue. When working a support issue we do our best to respect your privacy as much as possible; we only access the published content and settings needed to resolve your issue.

Maintaining security

We protect your login from brute force attacks with rate limiting. All passwords are filtered from all our logs and are one-way encrypted in the database using bcrypt. Login information is always sent over SSL.

We have full-time security staff to help identify and prevent new attack vectors. We always test new features in order to rule out potential attacks, such as XSS-protecting wikis, and ensuring that Pages cannot access cookies.

Credit Card Security

We hand off credit card processing to Stripe. They power online transactions for thousands of businesses and SaaS platforms and comply with PCI standards in the storage and handling of credit card information.

Need to Report a Security Vulnerability?

Publicly disclosing a vulnerability can put the entire Exploratory community at risk. If you have discovered a possible vulnerability we would greatly appreciate you emailing us at support@exploratory.io. We will work with you to assess and understand the scope of the issue and fully address any concerns. Any emails are immediately sent to our engineering staff to ensure that issues are addressed rapidly. Any security emails are treated with the highest priority as the safety and security of our service is our primary concern.

Notifications

All security-related notifications will be announced to our customers via the Security Bulletins community page at https://community.exploratory.io/c/security. This page also includes information about our response to Internet-wide security vulnerabilities that impact Exploratory products and services, release notes about security bug fixes and disclosed vulnerabilities, and anything else that our customers should know about.

Contact Us

Have a question, concern, or comment about Exploratory security? Please contact Exploratory Support.
