FAQ: Data Privacy and GDPR
Is Verimatrix Counterspy an on-prem or cloud service?
Counterspy is a cloud service using AWS infrastructure managed by Verimatrix.
Where, geographically, is the service located?
Currently it is in Dublin, Ireland. Verimatrix reserves the right to add additional geographies. Customers will be notified prior to this occurring.
Do you have a privacy policy?
Yes, the privacy notice relevant for interaction with the Verimatrix website can be found here https://www.verimatrix.com/privacy/. The data protection and privacy terms for the Counterspy service can be found in section 9 and Appendix A to the End User License Agreement which can be found here https://appshield.verimatrixcloud.net/terms
Does the service comply with privacy regulations like GDPR?
Yes, the service was built from the ground up to comply with GDPR and other privacy legislation.
Do you have a security policy?
Yes, this is available on request from Verimatrix.
In the event of a data breach, will Verimatrix notify its customers?
Yes, Verimatrix will notify any customers affected by a data breach as described in the EULA https://appshield.verimatrixcloud.net/terms Appendix A paragraph 4.m.
Who owns the data?
Verimatrix acts as the data processor. The data controller is Verimatrix’s customer.
How is data from client devices to Verimatrix’s services protected?
An encrypted communication channel (TLS) between the client and server is used. Further protection is provided in the form of application-level encryption which utilises a shared secret between Verimatrix’s security agent and the server.
To protect against man-in-the-middle attacks, all communication is certificate pinned.
What personal and/or financial data do you process and/or store?
No end user financial data is processed or stored by Verimatrix. For customers that have chosen to pay for the service by credit card, Stripe acts as a sub-processor under the control of Verimatrix.
Details of personal data processed and stored by the service are in the EULA (https://appshield.verimatrixcloud.net/terms), Appendix A, Description of Data Processing.
The only data Verimatrix processes that can be mapped to an individual is the IP address. As this is personal data, by extension all other data Verimatrix processes is considered personal by legislation such as GDPR.
Verimatrix masks the IP address (wiping the last octet) as soon as it begins processing the data. This retains enough resolution to allow for functionality such as geo-lookup, but the data can no longer be mapped to an individual by Verimatrix.
This means Verimatrix does not store any data that can be mapped to an individual end user.
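The last-octet masking described above, sketched as an added example; this is not Verimatrix's code. The field names (client_ip, client_net, event) and the sample events are hypothetical, and dropping native IPv6 addresses is an assumption, since the page only describes octet masking.

```python
import ipaddress
from typing import Optional

def mask_ip(raw: str) -> Optional[str]:
    """Zero the last octet of an IPv4 address; None if it cannot be masked."""
    try:
        addr = ipaddress.ip_address(raw.strip())
    except ValueError:
        return None  # malformed input: store nothing rather than the raw string
    if isinstance(addr, ipaddress.IPv6Address):
        # IPv4-mapped IPv6 (::ffff:a.b.c.d) carries a full IPv4 address.
        addr = addr.ipv4_mapped
        if addr is None:
            return None  # assumption: native IPv6 is dropped, not truncated
    return str(ipaddress.ip_network(f"{addr}/24", strict=False).network_address)

def ingest(events):
    """Swap the raw address for its masked form before any further processing."""
    cleaned = []
    for ev in events:
        rec = {k: v for k, v in ev.items() if k != "client_ip"}
        rec["client_net"] = mask_ip(str(ev.get("client_ip", "")))
        cleaned.append(rec)
    return cleaned

# Constructed sample events; addresses come from documentation ranges.
SAMPLE_EVENTS = [
    {"event": "app_start", "client_ip": "203.0.113.57"},
    {"event": "app_start", "client_ip": "203.0.113.201"},
    {"event": "app_start", "client_ip": "::ffff:198.51.100.7"},
    {"event": "app_start", "client_ip": "2001:db8::1"},
    {"event": "app_start", "client_ip": "203.0.113.999"},
]

if __name__ == "__main__":
    for rec in ingest(SAMPLE_EVENTS):
        print(rec)
```

The first two sample clients collapse to the same stored value, which is what keeps /24-level geo-lookup possible while removing the per-host part of the address.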
If Verimatrix cannot map to an end user, how do we manage risks?
Verimatrix provides client-side identifiers accessible by our customers. These allow our customers - and our customers only - to map a data set to an individual account.
How long is the data retained?
Currently 30 days. Verimatrix reserves the right to extend this period. Any affected customers will be notified if the retention period is changed.
Is data stored encrypted?
Yes, Verimatrix encrypts all stored data.
Can personal data be deleted on request?
Yes, Verimatrix’s customers can request deletion of end user data and Verimatrix will do so in compliance with applicable regulations.
Is the service multi-tenanted?
Yes.
How do you maintain tenant separation?
IAM-based separation.
Updated over 1 year ago