Disclaimer: This article is provided for your convenience and does not constitute legal advice
A common question we receive is about SG Widget is security. It is natural for our customers to have concerns about their data and that of their users, especially given the recent changes around GDPR.
In short, security is the number one priority in our app, ahead of email collection functionality itself. This is because we’ve worked extremely hard to build our business and want to see it grow. Without proper security practices and measures, customers would spot the flaws, we simply wouldn’t have a reliable operation and our business would suffer.
Without going into too much detail(as that would be a security risk) this post details the security mechanisms we have in place to protect our users, their users and our business.
All requests that enter our system are checked and validated to ensure they are legit. Our DDoS protection is constantly looking for repeated requests and immediately blocks any suspicious traffic. We outsource this to Cloudflare as they are experts in Web Security and can protect things much better than any code we could write.
Sensitive customer data is encrypted. This applies to Sendgrid Tokens and user passwords. Even if we wanted to view your data, we wouldn’t have the keys to unlock it. Our infrastructure for storing, encrypting and decrypting sensitive information runs in a separate data centre than the SG Widget front end website.
Customers regularly contact us asking can we check if their Sendgrid API key is correct. Our answer is always the same - we can’t tell you because we cannot view it. This leads to frustration for some users but it is better than having insecure processes.
SG Widget uses Stripe.com to handle all payments. Stripe has been audited by a PCI-certified auditor and is certified to PCI Service Provider Level 1. This is the most stringent level of certification available in the payments industry. When you enter your card details they never touch our servers as the request is sent directly to Stripe. When your annual subscription is being renewed, the payment is taken from your account by Stripe, not us. We have no desire to write payment processing code when there are secure providers like Stripe that we can outsource it to.
If data is lost for whatever reason(accidental deletion, update failure, corruption) we have regular offsite backups to ensure no loss of customer information. An unfortunate oversight that happens many software companies make is that they don’t test restoring from a backup. When their data is then lost or corrupted and they attempt to restore from a backup, it fails and they weren’t aware because they never tested the backup.
We have tested restoring our database from a backup and know that if the worst happens, we can be up and running again in minutes.
Each widget can work on one domain and one dev URL. If someone copies your widget code and tries to embed it somewhere else, the request will fail because the origin won't match the whitelisted values in the SG Widget backend.
SG Widget forces HTTPS for all services including our website, application and API.
As Double Opt In is available on all plans, our users can comply with the regulations of the CAN-SPAM act. SG Widget is one of the only Sendgrid Subscription Widget's that complies with the CAN-SPAM act.
When you create an account on SGWidget.com, Leader Internet will become the data controller for the purpose of the General Data Protection Regulation(GDPR) and other applicable data protection laws.
For your users that subscribe through a website placed on your website, we are not the data controller. That information is passed through to Sendgrid. If there are any questions about the data after that, they should be forwarded to Sendgrid.
SG Widget account passwords are hashed. Our own staff can't even view them if requested. If you lose your password, it can't be retrieved—it has to be reset using our passworded reset functionality.
We never store sensitive data longer than we need it.
If a widget uses Single Opt In, we send the requests directly through to Sendgrid and the email addresses are never stored on our systems. If a widget uses Double Opt In, we store the email address until the subscription is confirmed or until 48 hours have passed. After that, we delete it from our database. We have no need or use for customer email addresses. Selling data is not in our business model. Our focus is on providing email capture functionality for developers developers.
We are continuously testing and improving our security environment and quickly investigate all reported issues. If you believe you’ve discovered a bug in SG Widget's security, please get in touch. We will respond as fast as possible to your report. We request that you do not publicly disclose the issue until it has been addressed by our team.
SG Widget is committed to security for your benefit and ours. We wouldn’t have a business if we couldn't prove to users that our systems are secure. It is essential for any software company operating in the email marketing space to have robust security practices, especially if they are handling sensitive data. We realize this and make it part of our daily workflow so we are more secure than the official Sendgrid Subscription Widget For Wordpress.
This list is not finite. We are constantly evolving in line with the latest technologies, threats, regulations, laws and customer behaviours. If you feel there is an area we need to work on then let us know privately and we will get to it as quickly as possible.