Data transmission and storage security is imperative in the modern enterprise. That’s why we have taken all measures to keep all information appropriately protected.
Our data centers, provided by IBM Cloud, are located in Texas, US and Frankfurt, EU. They are behind a number of security clearances, and there’s always a security guard on duty. Services provided to us by IBM Cloud are in compliance with the SSAE16 standard. We also use AWS S3 buckets and GCP Storage services.
Our co-workers are granted access only as needed for their respective fields and day-to-day work. They are required to maintain confidentiality, including after leaving the company.
LiveChat developers treat customers’ data with the highest level of security and care. Each piece of customer data is treated as requiring a high level of protection. We have implemented security policies which ensure the safety of data storage and transmission.
LiveChat uses the following versions of the Transport Layer Security (TLS) protocol: 1.2 and 1.3. When accessing our software, you are communicating with LiveChat through Akamai, our Content Delivery Network provider. During this communication, the encryption algorithm to be used is negotiated before the application protocol transmits or receives its first bytes of data. Most LiveChat connections are encrypted with the TLS 1.2 protocol.
If you’d like to retrieve chats that you had with our support team, you can simply send us an email at support@livechat.com, asking to retrieve all the data that we gathered at LiveChat. When sending us the information retrieval request, note that it should be sent from the email address that is registered under your LiveChat subscription.
Domains used by LiveChat
To make sure your firewall is not blocking any LiveChat requests, please add the following domains to your firewall’s exception list.
*.livechat.com
*.livechat-static.com
Our CDN and anti-DDoS infrastructure uses tens of thousands of edge servers, so we cannot provide a list of all IP addresses used in the process.
Note that a firewall with an IP ACL policy has the additional disadvantage that access control based solely on IP addresses is prone to error due to attacks like spoofing, DNS cache poisoning, and BGP hijacking. We recommend that network administrators using IP ACLs for web traffic employ a simple proxy server that filters traffic based on domain name, for example: *.livechat.com in the HTTP request, rather than by the IP address of the remote server.
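The domain-name filtering recommended above, as an added example (not LiveChat's code or any proxy product's configuration): a suffix-anchored match of the requested hostname against the two patterns from the exception list. The function names and sample hostnames are constructed for illustration, and the wildcard is assumed not to cover the bare apex domain.

```python
import re

# Patterns come from the page's exception list; everything else is an
# assumption of this added example.
ALLOWED_PATTERNS = ("*.livechat.com", "*.livechat-static.com")
_LABEL = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def normalize_host(raw):
    """Return a lowercase hostname without port or trailing dot, or None if malformed."""
    if not raw or any(ch.isspace() for ch in raw):
        return None  # embedded CR/LF or spaces: refuse rather than guess
    host = raw.lower()
    if ":" in host:  # strip an optional ":port"; IPv6 literals fail the label check
        host, port = host.rsplit(":", 1)
        if not port.isdigit():
            return None
    if host.endswith("."):
        host = host[:-1]  # one trailing dot is the DNS root, same name
    if len(host) > 253 or not all(_LABEL.match(label) for label in host.split(".")):
        return None
    return host


def host_allowed(raw, patterns=ALLOWED_PATTERNS):
    """True only if the host sits strictly below one of the wildcard patterns."""
    host = normalize_host(raw)
    if host is None:
        return False
    for pattern in patterns:
        if pattern.startswith("*."):
            # Keep the leading dot so the match is anchored on a label boundary:
            # "evil-livechat.com" does not end with ".livechat.com".
            if host.endswith(pattern[1:]):
                return True
        elif host == pattern:
            return True
    return False


# Constructed sample values, as they might appear in a Host header or CONNECT target.
SAMPLES = ["cdn.livechat.com", "API.LiveChat.com:443", "files.livechat-static.com.",
           "evil-livechat.com", "livechat.com.attacker.example", "203.0.113.10"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample:35} {'ALLOW' if host_allowed(sample) else 'DENY'}")
```
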
Security of information
LiveChat complies with the following information-related security and monitoring procedures:
- Documented and defined security procedures,
- Cooperation confidentiality agreement,
- Access to information granted only to co-workers who need to work with customers’ data or hosting servers,
- Access to customer data is canceled or changed within 24 hours of co-worker’s departure or relocation within LiveChat,
- Training on internal security policies and raising of security awareness as a day-to-day process.
Physical security ensured by data centers and hosting provided to and by LiveChat meets the following requirements:
- Secure rooms with at least two access mechanisms, i.e., key-cards, man traps, security guards, and computer room badge-in,
- Only authorized co-workers are allowed physical access to the servers. 24/7 security at the location,
- Backups of customer data are stored on-site with limited access and at a securely controlled or commercial off-site location,
- The site guarantees additional protection such as uninterruptible power and fire suppression,
- Flawed components in the data center undergo DoD-approved “erase” or “wipe” procedure (if functionally possible) prior to physical destruction.
Technical controls
LiveChat supports technical controls to provide protection to its network, systems, and applications:
- LiveChat utilizes professional facilities via a top tier hosting provider that protect customer data from external threats,
- LiveChat maintains individual accountability for co-workers that can access systems hosting customer data,
- LiveChat has documented user account/password management systems for co-workers with access to systems that are hosting customer data,
- LiveChat ensures that individual access to customer data is controlled, i.e., a distinct username and password is required for each individual administrator,
- Customer data is compartmentalized to prevent unauthorized access and separated from the data of other customers,
- Wireless connectivity to networks or servers hosting customer data is protected using security mechanisms such as EAP, TTLS, TLS, or PEAP.
Usage
To ensure protection of confidentiality, integrity, and availability of customer data, LiveChat meets the following usage criteria:
- Each user is assigned a unique ID,
- User IDs and passwords can be edited at any time,
- Passwords must be at least 8 characters long,
- The application and resulting access to data in the database has permission-based controls limiting access to only authorized customers,
- Each change of user login status is logged within each application,
- All logs are treated as confidential information and access to reports can be restricted using the permission system,
- Reporting of this information is available within each instance of LiveChat,
- If confidential data, personal data (i.e., names, addresses, phone numbers), or authentication information (i.e., passwords) is transmitted, LiveChat ensures security in transit using TLS 1.2 on the path from the data origin to LiveChat’s network,
- LiveChat’s security policy assumes customer data retention is permanent and is designed to that standard.