Cloud Security
askelle hosts its solution in a private and secure cloud environment
- Hosting a provision-isolated container-based environment
- Equinix datacentre located in the European Union (EU)
- Equipped with zero-trust security and dedicated encrypted storage
Data Ownership
askelle allows you to have full ownership and control of your data
- Opt-in settings to proactively control data sharing
- No internal or third-party model training by default
- Facilitating a customer-driven data retention policy
askelle’s responsibility
Access Control
askelle has established a Zero-Standing Access (ZSA) policy, which limits access to customer business data to two purposes:
- To provide assistance on a customer support case
- To implement product improvements (only available to askelle if customers have opted-in)
If you have further concerns about how business data is accessed within these above parameters, please contact support@askelle.ai for more details.
Cloud Hosting
askelle hosts its infrastructure and stores customer business data utilizing a Private Cloud solution dedicated to askelle. The Equinix datacentre is located in the European Union (EU), and is equipped with private access (zero-trust security) and dedicated encrypted storage.
Data Retention
askelle’s Data Retention Policy is summarized below:
- Account Deletion: Upon cancelling your subscription or account with askelle, askelle will store your business data for 30 days. Written submissions to delete data sooner than our 30-day retention policy can be submitted to support@askelle.ai
- Inactive Accounts: If your account has been deemed “inactive” for over 1 year, askelle will migrate your data to archives. Customers who have been deemed “inactive” will be notified by email when data is being transitioned to our archives. This data will remain in askelle archives for an additional 1-year period, unless reactivated by the customer.
Encryption
askelle encrypts all data at rest and in transit between our customers and us and between us and our service providers and uses strict access controls to limit who can access data. This per-customer encryption ensures that askelle does not have direct access to the encryption keys for customers who have opted-out of sharing business data.
Logging
Centralized logging is enabled for all askelle systems. These logs are monitored for signs of compromise and have automated alerts. askelle has set perimeters for declaring rules and conditions for different levels of data (essential and non-essential), so askelle logs non-essential data only of customers who have opted in.
Personnel
askelle has role-based access control, meaning that employees and contractors are only authorized the access required to fulfill their job responsibilities. Before their start date, all employees and contractors must sign a confidentiality agreement, and agree to askelle’s security policies.
Secure Development
askelle has built a secure software development lifecycle, including requirements like independent peer code review and automated testing protocol. Unplanned maintenance is filtered through a change management process that covers emergency changes and hotfixes. All askelle code is managed in a version control repository, with branch protections in place.
Third Parties
askelle partners with third parties to provide key services. Third parties that handle customer personal data, also known as sub-processors, are continuously monitored in order to ensure that their security programs continue to meet askelle’s standards.
askelle reassesses its sub-processors on a quarterly basis. For the full list of askelle’s sub-processors, please see askelle.ai/legal
your responsibility
While askelle takes responsibility for many of the security controls implemented to secure your business data, we want to ensure customers are informed to follow best practices in securing their user accounts. This includes creating strong passwords, safeguarding payment methods, and disabling accounts as needed.
Additionally, customers are responsible for determining the appropriateness of the data entered into the askelle platform. The sensitivity of the data that customers input to generate proposal content is ultimately their responsibility. Customers should refrain from providing cardholder information, protected health information, and other types of sensitive information managed by a regulatory body.