How does Silktide security work?
This guide is designed to help understand any security considerations from using Silktide, from the perspective of an IT or security manager. It assumes some technical knowledge.
Silktide is a fully hosted software-as-a-service (SaaS) platform designed to test websites and help teams understand and improve them. Silktide runs on the cloud, hosted on Amazon Web Services (AWS).
All of the Silktide application uses SSL / TLS encryption, to secure data being passed between Silktide and our users. Access to Silktide is restricted to authorized users via username and password. Passwords are required to meet a minimum security level. Access to individual parts of Silktide – for example, access to a particular website – is limited to authorized users and roles.
What data Silktide stores
In most cases, our users are testing websites that are on the public internet. As such, the data stored by Silktide concerns publicly available webpages and is not highly sensitive.
There follows a list of data that Silktide stores which, depending on your organization, could be considered sensitive:
- Your list of users, including their names and email addresses.
- Logs of when users perform any action in Silktide, e.g., testing websites, approving spellings.
- Your list of search engine keywords, which you have chosen to optimize for.
- Any custom policies you have designed to test your websites (e.g., “all pages must avoid words in ALL CAPITALS”). These policies could theoretically be sensitive in some cases.
- All website content – see “Testing sensitive websites” below.
Testing sensitive websites
An important consideration occurs if you test websites not on the public internet, e.g., password-protected or otherwise secured websites.
Silktide record the access credentials used to access these websites, e.g., the username and password required, or the proxy authentication details required. Where appropriate, we recommend using fake credentials for testing, e.g., a dummy user with no sensitive data. In any case, we do not allow Silktide staff access to these details.
When a website is being tested, Silktide keeps a record of each tested page, including its HTML, CSS, images and other resources, screenshots of each page and changes to those pages over time. Depending on the nature of the website, this data could be considered highly sensitive.
When a user is deleted, all of their personal information is deleted immediately (e.g., name and email address). A log of their actions remains but is attached to an abstract identifier. This log can be deleted on request.
When a website is deleted, all configuration data (including login details) is instantly deleted. Some other data – such as screenshots – is earmarked for removal, and permanently deleted within 30 days.
Frequently asked questions
- Where is my data located geographically?
For EU and UK customers, all data is held in the Republic of Ireland. For customers in the rest of the world, all data is held in the United States.
- Can I install Silktide on my own premises?
Silktide is not available as an on-premise solution.
- Does Silktide comply with GDPR?
Yes. See our Data Processing Agreement.