In this FAQ, we answer any questions you have around the security of Windward's Hub product.
Your data can only be accessed by logging in to the Hub.
You will be logged out after 6 hours of inactivity.
We will remember your browser for 24 hours.
Customer Templates are stored in Azure Blob storage with each Customer having its own Azure Blob Container. Only users associated with an Organization can access the Organizations container.
Template and batch metadata is stored in Azure Cosmos Db with each organization having their own container.
User login credentials are stored in a SQL database. All passwords are salted with unique salt and hashed.
Credit card information - Windward does not directly handle credit card data. All credit card information is sent directly to our payment processor (stripe) and used by windward via a token that can only be used in conjunction with our secret key.
Hub is hosted in Azure’s Central US region.
Hub is comprised of several different web services all hosted as Azure App Services. Communication directly between services is handled via Azure Service Bus (MassTransit).
All data at REST is encrypted via AES-256 with encryption keys managed by Azure.
All databases are connected to via TLS 1.2.
All inter service communication is encrypted via TLS 1.2.
All communication from clients to our APIs is encrypted via TLS 1.2 (minimum).
All databases are isolated to a virtual network and can only be connected to from inside of the virtual network.
We authenticate with Salesforce via Oauth.
Passwords must be at least 8 characters long.
These are stored along with other Hub metadata and are AES-256 encrypted at rest and only ever transported via HTTPS/TLS.
Windward will only ever read data with provided credentials. As part of your shared responsibility please only ever give Windward read only connection strings and limit visibility to only the data required to generate your documents when possible.