Updates, Privacy, ToS, and Security
Privacy Policy Linked Here
Security
General approach. Streamline Data, Inc. (“Streamline”) is a distributed data science and engineering company. All data analytic work done for clients will be done using Chromebook computers managed through G-Suite. All data storage will be on Google Drive and all data analysis will be performed on Google Cloud Platform. Streamline has a policy of encrypting data both in transit and at rest. Streamline employees will be sandboxed to only access specific data required for creating data pipelines and only for the duration necessary to set up and maintain those pipelines. Further details are provided below.
Chromebooks and G-suite. All Streamline employees will use Chromebooks managed through Google’s enterprise software G-suite when interacting with customer data or private information. Streamline Chromebooks are remotely managed, encrypted, and centrally administered. All Streamline Chromebooks will be set up to require 2-factor authentication and can be managed remotely, including remote de-authentication, screen locking, and device wiping (https://gsuite.google.com/products/admin/mobile/). For additional information on the security of G-suite devices, please see https://gsuite.google.com/security/.
Antivirus and Firewalls. All Streamline employees will use Chromebooks managed through Google’s enterprise software G-suite. Chromebooks use the principle of "defense in depth" to provide multiple layers of protection, so if any one layer is bypassed, others are still in effect. Chromebooks employ automatic updates and security patches, sandboxing, verified boot and data encryption at rest to protect against intrusion. See https://chromeenterprise.google/os/security/ for more details.
Access Management. Streamline employees will be assigned access to client data and execution code through Google IAM and Google Apps access management. Only Streamline employees approved by a client to work on a specific data set will be given authentication access to the data for each customer.
Project Management. Streamline employees will use Basecamp Project Management Software for interacting with customers and managing customer information. This provides an additional layer of security since customer information will be restricted to Basecamp projects only accessible by employees assigned to a customer’s project. Information uploaded to Basecamp is encrypted both in transit and at rest.
Google Cloud Platform Security. Customer Data will be processed on Google Cloud Platform and stored in Google Cloud Storage. Data will be encrypted in transit and at rest on Google Cloud Platform and stored for the minimum time required (generally less than 4 hours) during processing. Long term storage of customer data will be in a managed BigQuery project for the customer. BigQuery access will be managed through security keys. For more information on Google Cloud Platform Security see: https://cloud.google.com/security/overview/whitepaper.
API Key Management. Streamline will have access to private keys and account information from our customers for extracting data from APIs, databases, files, and other computer systems. Each customer key will be managed using Google’s Cloud Secret Manager with access restricted to only the Streamline employees directly responsible for the development or maintenance of a customer’s data pipeline using Google User Authentication Management. Where possible, keys will be IP restricted to ensure they can only be used from Streamline infrastructure.
Code Management. Code to implement Streamline pipelines will be stored and distributed via private GitHub repositories under the Streamline Data Science Organization (https://github.com/StreamlineDataScience), and access to the relevant codebase will be managed via GitHub Teams.
Audit Logs. Standard audit logs for G-suite activities and Google Cloud Platform will be collected and reviewed on a regular basis. Customer audits of G-suite and GCP audit logs are available upon request and at cost to customers.
Critical Data Backup and Recovery Procedures. All data provided to Streamline will be processed on Google Cloud Platform with restricted IP access. Client and third-party data will only be stored for the minimum period required for analysis. No data backups will be provided and all identifiable data will be deleted at the completion of the Streamline service. Data will be stored in a managed BigQuery dataset for the client. BigQuery access will be managed through security keys. For more information on Google Cloud Platform Security see: https://cloud.google.com/security/overview/whitepaper. By default, BigQuery addresses backup and disaster recovery at the service level. BigQuery also maintains a complete 7-day history of changes against tables and allows queries of a point-in-time snapshot of customer data by using either table decorators or SYSTEM_TIME AS OF in the FROM clause. Additional data backups will be provided at an extra charge to customers. All non-anonymized data will be deleted at the conclusion of the Streamline service.
Confidentiality. Streamline employees’ access to information and data is strictly limited to specific information and data relevant and necessary to perform job-related duties. Streamline employees receive standard training in data privacy, good security practices, and reporting requirements. Streamline employees acknowledge: Streamline will maintain the privacy and confidentiality of information and data obtained, including storage and disposal. Before sharing information with others, electronically or otherwise, reasonable efforts will be made to ensure the recipient is authorized to receive that information or data. Workplaces will always be protected. All documents and data carriers will be returned as soon as a job is completed. Employees will sign/acknowledge client data and security policies as appropriate.
Notification. When Streamline becomes aware of any data breach affecting customer data, we will notify clients within 24 hours of identifying the problem and provide ongoing updates as appropriate on the status of any data breach.
GDPR and CCPA. As a data processor for our customers we abide by the GDPR, CCPA and relevant local data processing laws. We enter into an agreement with each customer respecting the rights and obligations that our customers (as Data Controllers, per the GDPR) and we (as Data Processors, per the GDPR) will have with respect to personal information. Our policy is to respond to all GDPR Data Subject requests within 10 business days of receipt from our customers.
Additional Security Requirements. Streamline Data Science is a cloud-based company and will process customer data on the cloud platforms as described. Within that constraint, Streamline is happy to work with clients to ensure that we comply with their data security requirements. If there are specific levels of data security or protocols required by your company, please contact cdrain@streamlinedatascience.io so that our team can understand and establish the security requirements necessary to work with you.
For questions about our privacy or security policies or about our terms of service, please reach out to contact@streamlinedatascience.io
Last updated 10/13/2022
Major updates listed here:
N/A