Sensitive data
As with any third-party service it’s important to understand what data is being sent to Controlant, and where relevant ensure sensitive data either never reaches the Controlant servers, or at the very least ensure sensitive data is not stored.
We recommend filtering or scrubbing sensitive data prior to transmission, so that data is not sent to Controlant.
We also recommend configuring server-side scrubbing to ensure the data is not stored.
There are two great examples for data scrubbing that every company should think about:
PII (Personally Identifiable Information), e.g. user's name or email address.
Authentication credentials, such as tokens and passwords.
Restricting emails
It’s common that compliance within your company may mean that data can only be transmitted over SSL and stored in a secure manner. One common area this comes up is with email notifications.
By default Controlant will send a large amount of data as part of the issue notification. In some cases this data may be geo-location data or other user data.
We advise you to consult your compliance officer or IT department regarding your companies compliance rules and then get in touch with your Controlant account manager to solve any compliance related issues.