1 – We keep your data safe
All Harvest and Forecast accounts use SSL-encrypted connections by default—the same level of security used by online banks. You never send or receive sensitive information in plain-text. Additionally, industry-standard physical and remote security is administered at datacenter facilities.
2 – Your privacy is our focus
3 – How we stay reliable
Harvest achieves an average 99.9% uptime. All data is protected by hardware RAID over multiple data storage units. Critical servers have redundant power supplies and components are deployed in (at least) redundant pairs. Any system related issues are reported, and updated in real-time at HarvestStatus.com.
4 – Our data retention policy
We take our role as custodian of your data extremely seriously. Backups occur multiple times a day and are replicated to, at least, 2 physical data centers. Upon deletion we delete customer data immediately from our databases. Database backups are retained for 180 days and application logs (for assisting Harvest Support cases) are retained for 90 days. Customers’ activity logs are stored for 1 year.
5 – Our industry-standard practices
Harvest systems and processes adhere to industry best practices in security. All our inter-server and inter-data center communications are encrypted. Access to servers and customer data is strictly controlled and we keep an immutable audit trail for support-related data access. Learn more about how Harvest ensures the security of your data in our Security FAQ.
Harvest has a PCI-DSS Merchant Certificate, although we don’t store any payment information.
We rely on our server host’s audit, and they are SOC 2 certified.
Incident Report Plan
We maintain a security incident response plan to provide a framework to ensure that potential computer security incidents are managed in an effective and consistent manner. This document is reviewed at least annually.
6 – Our responsible security disclosure
Harvest maintains an active public program on HackerOne. We encourage all security reports to be made via our program on HackerOne. Alternatively, email a complete description of the issue to firstname.lastname@example.org including code samples and as much detail as possible.