1 (888) 907-0301 search

Security and Privacy

We take the security and privacy of customer data seriously. ActivTrak uses a multi-layered approach to secure the private information our customers entrust to us. Our service was designed and built from the ground up with the security of your data in mind to ensure the confidentiality and integrity of all collected data.

Transparency

Today, people are rightly concerned about how their personal information is used and shared. Organizations have a responsibility in helping people understand their own activity and the activity of their employees. ActivTrak technology empowers organizations to identify behavioral trends and gain insight into human work behavior on digital devices in the workplace. ActivTrak strongly encourages our customers to be transparent with the users of their digital systems and inform them that they will have their activity monitored. The intent of monitoring an organization’s employees is to better understand how to increase organizational productivity, strengthen cyber defenses, and lift employee engagement.

Security

How We Secure Collection of Your Data

Data is Encrypted in Transit – All account information is encrypted in transit and stored in a secure data center in hosted by Google Cloud Platform (GCP).

  • ActivTrak uses encrypted connection protocols including HTTPS, SSL, and TLS.
  • Agent to ActivTrak Cloud: Communication between the ActivTrak cloud and the agent uses HTTPS/TLS with AES-128 encryption
  • Mutual authentication is provided by a combination of digital certificate and per-instance shared key created during deployment.

How We Secure Storage of Your Data

Data Is Encrypted at Rest – ActivTrak uses several layers of encryption to protect customer data at rest in the Google Cloud Platform (GCP) products.

  • Data within the cloud is stored using AES-256 encryption.
  • Data is automatically encrypted prior to being written to disk
  • Each encryption key is itself encrypted with a set of master keys

Every piece of data; screenshots, videos, and activity logs, are split into discrete blocks which are encrypted using a complex cipher.

Rigorous Security Testing

We regularly test our infrastructure and apps to isolate and remediate vulnerabilities. We also work with industry security teams and third-party specialists to keep our users and their data safe.

ActivTrak is designed with multiple layers of protection across a distributed, reliable infrastructure. All ActivTrak data is stored in a secure data warehouse managed and secured by Google Cloud Platform (GCP).

Privacy

Who Has Access to My Data?

You own your data. ActivTrak does not view or have access to the private information collected by your account. Our policy is to take a ‘least-privilege’ approach, meaning we only have access to a limited view upon request for support from an authorized administrator for your account.

  • Client information stored in the cloud is obfuscated with an organization specific key to which ActivTrak employees do not have access to unless temporarily granted by the customer for troubleshooting
  • User access is highly restricted, must be approved by an organizational admin and time-limited
  • We do not have access to the private contents of your users, including screenshots, activity log data, or video recordings.

How We Protect Your Data

ActivTrak is designed with multiple layers of protection across a distributed, reliable infrastructure. All ActivTrak data is stored in a secure data warehouse managed and secured by Google Cloud Platform (GCP).

  • Servers are hosted in a SOC2 type 2 compliant datacenter, across multiple availability zones/regions.
  • Google’s physical infrastructure has been accredited under ISO 27001, SOC 1/SOC 2/SSAE 16/ISAE 3402, PCI Level 1, FISMA Moderate, and Sarbanes-Oxley.

Redaction of Private Information

ActivTrak does not keep does not collect or retain HIPAA, PCI or Special Categories of Personal Data (in accordance with Article 9 of GDPR). Automated sensitive content redaction and flagging are available to ensure private data is never stored on ActivTrak systems.

Data Recovery and Retention

We empower all of our customers to control their own data through the app. As long as your account is active, you have full control over the specific types of data, and length of time you hold such data. For example, you can delete or export a single individual survey response from your account if required to do so. ActivTrak saves a history of all deleted and previous versions of user activity data, and allows you to restore them for up to 7 days. Activity Log Data, videos and screenshots can be exported via a variety of methods in compliance with Right to Data Portability (GDPR, Article 20)

Compliance

ActivTrak supports compliance initiatives such as HIPAA, COPPA, and GDPR.

Ultimately customers are responsible for evaluating their own compliance with the law.

Additional Compliance Resources:

Credit Cards

ActivTrak never stores credit card details associated with your account.

All credit card information is collected and processed by a third-party, PCI compliant payment processor. Your card information is passed directly to them, meaning your credit card information never touches our servers.

Passwords

We do not have access to any password details. All passwords are encrypted in transit, and stored in a secure data center.

Join a Trusted Community

Over 130,000 organizations trust us with their most important work.

Getting started is easy. Be up and running in minutes

Free Signup
We Use Cookies!

We use cookies to provide you with a great user experience. By using our website, you agree to our Privacy Policy & Website Terms of Use .

x