How we keep customer data secure

Keeping customer data private and secure has never been more important. At Quantum Metric, we take this responsibility very seriously. We provide three capture options that occur on your customers’ devices, at the point of capture.

Data Capture

Capture

For most web pages or app views, the data we capture is relatively harmless. For example, data that’s displayed on a product detail page is already public. Or, a text string that a user enters into a search field isn’t sensitive.

Do Not Capture

However, there are clear situations when sensitive data should not be captured, for example, personally identifiable information (PII) such as social security numbers or PCI DSS data such as credit card numbers. Out of the box, Quantum Metric automatically blocks capture of sensitive data, and you can easily designate additional data that should never be captured. The result: sensitive data is never captured.

Encrypt

There are some situations when sensitive data needs to be captured, for example, a user’s name and address or a purchase order number. However, to protect identifiable data and stay compliant with GDPR and CCPA, we use public/private key pair encryption, and only you own the private key to decrypt sensitive data. This technique, known as pseudonymization, is recommended by GDPR and CCPA.

Data in Flight

Once data is captured, it’s sent encrypted over an SSL connection with forward secrecy to the Quantum Metric cloud service, hosted in a secured Google Compute cloud. Our certificates use 2048-bit RSA keys and are signed with SHA256.

Data at Rest

Data is stored in the Google Cloud Platform (GCP) region closest to your location. Additionally, Google uses the Advanced Encryption Standard (AES256) algorithm to encrypt data at rest. For detailed information about Google’s security, please visit https://cloud.google.com/security.

Single sign-on (SSO)

Access to data within our platform can be restricted via single sign-on (OpenID and SAML 2.0) to ensure that only specific team members have the ability to view user data. In addition, we provide the ability to audit all attempts to access user data and track reasons for access.

Role-based access control (RBAC)

Our Teams functionality provides role-based permissions to simplify user management while ensuring full control over sensitive data and compliance with GDPR, CCPA, etc.
