GDPR Compliance
At Bitbar, we understand the importance of data and personal information. We have been working with internal teams to prepare for the GDPR, which will go into effect on May 25, 2018.
Our commitment
Even though we are not gathering personal data from various social sites, our customers upload their apps and tests for test execution.
On Public Cloud, we offer our customers the possibility to remove their accounts, and all information related to them will be removed from our system.
While we do our best to secure the public cloud, it is still a shared environment where there can be traces from previous users. True security is provided by On-premise and Private Cloud setups, where the environment is totally dedicated to the customer and may even be on the customer's premises. All data uploaded and used in these environments is subject to customer IT (security) policies.
Private and On-premise cloud users aren’t really affected by this new law, as in these setups the customer is in charge and decides on how they handle their data.
Under GDPR, service providers have obligations regarding customer data.
Data Control
At Bitbar we don’t play around with our customer data. We process the customer test result data solely for the purpose of presenting the customer with accurate and valuable test run results. We do monitor customer uploads, runs and results as a whole to make sure our service is working as well as it should.
Customer run results are their own and nobody else’s while we host them. In addition to the customer and the cloud administrators (Bitbar admins in case of Public Cloud), nobody else has access to user data.
As we provide additional services to our cloud, we constantly seek to implement new security measures to ensure our customers’ data stays safe in our environment.
Data Security
Because our users generate a lot of data with all the test runs being executed, we automatically remove any data older than 120 days. After this, the data is gone forever.
- Safeguards to keep data for additional processing
- Data protection measures, by default
- Security as a contractual requirement, based on risk assessment, and encryption
Right to Erasure
With the new EU legislation coming, earlier this year we added the possibility for users to delete their accounts from the cloud. This is especially important for users of the public cloud. For more information on how to do this, please check our online documentation: http://docs.bitbar.com/testing/user-manuals/account-settings/index.html#delete-account
This will remove any data uploaded by the user to Bitbar cloud. We have no way of undoing this once the user is past the 7-day undo period.
When Private cloud setups are removed, every device is cleared and all hardware is reconfigured from scratch. No traces of previous cloud owners are left.
Risk Mitigation and Due Diligence
As a company, we exist because we believe software can be made easier, and we want to help our users do the same for their applications. For this reason we are constantly improving our service and making sure the data entrusted to us by our customers stays safe in our environment. We only use services that, for their part, also strive to do the same and seek or already have accreditation for data protection and security measures.
Breach Notification
This is one of the things that cannot be imposed on a company. We have nothing to gain by not being open about possible intrusions to our system. If we get hacked, we will first make sure the service is secure for our clients to use, so that any possible harm does not spread further, and then let our customers know what has happened.