Privacy

Many analytics software providers claim to comply with various data protection laws such as GDPR, PECR, or the ePrivacy Directive, but most of them put you and your website visitors at risk.

Service Providers

Below you'll find a list of the key service providers we rely on to operate bchic analytics.

Hetzner Online GmbH

Hetzner Online GmbH operates our EU isolation setup, where we store personal data (as defined by GDPR) isolated within the EU. Our Hetzner cluster is highly available and distributed across Nuremberg (Germany), Falkenstein (Germany), and Helsinki.

Hetzner implements the following security measures to protect our infrastructure:

  • Video-monitored high-security perimeter around the entire data center park
  • Access via electronic access control terminals with transponder key or access card
  • State-of-the-art surveillance cameras for 24/7 monitoring of access routes, entrances, security airlocks, and server rooms
  • Certified according to DIN ISO/IEC 27001, an internationally recognized standard for information security

bchic analytics implements the following security measures to protect our Hetzner infrastructure:

  • Access to our Hetzner infrastructure is restricted to engineers based in Germany
  • Continuous integration is self-hosted via GitLab (not GitHub) to ensure that no US service, company, or individual has access to our EU isolation infrastructure

Additional Security Measures

We take the following steps to ensure the highest level of protection for the service:

  • We strictly restrict access to our infrastructure and personal data. Employees and contractors have no access to information such as your address, as we treat this with the highest confidentiality. Our support staff would only have access to your email address and full name when needed for support requests.
  • Confidentiality agreements bind all employees, contractors, and representatives.
  • Application security: All access to bchic analytics is secured via SSL (HTTPS), which encrypts the information. We use managed services to ensure that the world's best engineers work on our infrastructure, and we hire the best possible engineers when we need to build the infrastructure ourselves (e.g., EU isolation).
  • Our servers are all highly available, which means that in the event of a failure, an active-standby instance (often in a different availability zone) is ready to take over.
  • We use SQS, a highly available queuing system, to ensure we don't lose any critical tasks.
  • 256-bit SSL encryption within our application and for payment processing.
  • We store your bchic password only as a one-way hash, which means we cannot convert it back to the original plaintext.
  • We operate multiple firewalls to protect against DDoS and spam attacks.
  • We use external monitoring to ensure we're notified in the rare event of a service issue. Additionally, we have managed service providers with large engineering teams that manage our infrastructure for us.