Hub Security FAQ
In this FAQ, we answer any questions you have around the security of Windward's Hub product.
How is my data accessed?
Your data can only be accessed by logging in to the Hub.
If I walk away from my computer, how long is my data visible for?
You will be logged out after 6 hours of inactivity.
How long are my login credentials valid?
We will remember your browser for 24 hours.
How/where is my data stored?
Customer Templates are stored in Azure Blob storage with each Customer having its own Azure Blob Container. Only users associated with an Organization can access the Organizations container.
Template and batch metadata is stored in Azure Cosmos Db with each organization having their own container.
User login credentials are stored in a SQL database. All passwords are salted with unique salt and hashed.
Credit card information - Windward does not directly handle credit card data. All credit card information is sent directly to our payment processor (stripe) and used by windward via a token that can only be used in conjunction with our secret key.
Where is Hub hosted?
Hub is hosted in Azure’s Central US region.
How is Hub hosted?
Hub is comprised of several different web services all hosted as Azure App Services. Communication directly between services is handled via Azure Service Bus (MassTransit).
How is data encrypted at rest?
All data at REST is encrypted via AES-256 with encryption keys managed by Azure.
How is data encrypted in flight?
All databases are connected to via TLS 1.2.
All inter service communication is encrypted via TLS 1.2.
All communication from clients to our APIs is encrypted via TLS 1.2 (minimum).
How are Hub’s internal resources protected from the public internet?
All databases are isolated to a virtual network and can only be connected to from inside of the virtual network.
How does Windward retrieve data from 3rd party integrations?
We authenticate with Salesforce via Oauth.
What are the requirements for passwords?
Passwords must be at least 8 characters long.
How are my data connection strings stored?
These are stored along with other Hub metadata and are AES-256 encrypted at rest and only ever transported via HTTPS/TLS.
Windward will only ever read data with provided credentials. As part of your shared responsibility please only ever give Windward read only connection strings and limit visibility to only the data required to generate your documents when possible.