All data collected by X-Ray Leads is stored electronically on servers across Europe on Vultr’s infrastructure within their datacentres. Our application servers and database servers run inside a private cloud. The database containing visitor and form data is only accessible from the application servers and no outside sources are allowed to connect to the database. We store encrypted backups via Amazon Web Services “Simple Storage Service” that are only accessible using secure credentials.
Data collection and transmission
Firewalls are in place exposing only the necessary ports through the internet and between different servers. Intrusion protection system (IPS) software is in place as a second layer of security, which will block access as soon as any suspicious login activity is detected.
X-Ray Leads transmits data from the visitor’s browser to our systems using WS over TLS (secure WebSockets) and HTTPS.
Data in transfer is encrypted using the following protocols and ciphers:
Data access and authentication
Only engineers which require such access to perform their job efficiently are given access. Different engineers are given different access rights on different system components as well depending on the requirements of their task. Engineers who do have access have their own credentials and these are only valid when used from specific IPs. SSH key-based authentication is used for server access.
Data collected via X-Ray Leads is exclusively reserved for use by our users and customers. We do not make use of the data collected in any form or way unless consent is officially given by an admin of the relevant account, clearly outlining what the data will be used for.