Data Security

How secure is spareparts.live?

Our products and services are designed with a high level of security in mind. With our product and services, you can always be assured that any data stored by us remains safe, confidential, and accessible. By ‘safe’ we mean that the data will be protected against any type of loss or corruption, ‘confidential’ means access to the data is granted only to authorized personnel, and by ‘accessible’ we ensure that the data is available to authorized users whenever required.

How do we handle data

Our products and services are build to enable the creation and delivery of visual navigation, using images and drawings, for websites. Our solution helps you to provide better service to your customers or service organization by improving selection and ordering processes.

Providing the highest level of security for our Users and meeting the requirements of the GDPR and other privacy regulations, we do not save any personal data of our Users’ Visitors by default. Our architecture was designed in a way we can offer aggregative and meaningful data without risking private data of our Users and our Users’ Visitors.

The service only works when the user adds their personalized script with domain access token in the heading area of their web pages. When a Visitor accesses the web page, the script fetches the appropriate configuration and applies the functionality with content browser-side by adding the content into the DOM as it loads. The spareparts.live service only interfaces with the front-end of the User’s website and does not require any access to their backend system or database. All data is sent via secure https.

What data we capture

User data

When a user signs up to our services, we store the data provided through the signup form, such as their email address and their website. For paying users we store data that is legally required to be able to send a correct invoice. It is each User’s voluntary decision whether to provide us with any such personal data, but refusal to provide any required data may result in us not being able to register the User and not being able to receive our Services.

Users’ Visitors data

By default, spareparts.live only collects non-identifiable information about our Users’ Visitors.
The service stores the following information for the Visitors who visit the User’s website:

  • Events performed during the Visitor’s sessions on the website.
  • Platform and browser used.
  • The country browsed from.

Where do we store data

Our services are hosted on leading, high-security servers of Amazon and SafeDX in the EU and other jurisdictions as needed for the proper delivery of our Services and / or as required by law. For more information, please visit: http://www.amazon.com and https://www.safedx.eu.

Service providers that store or process your Personal Information on our services behalf are each contractually committed to keep it protected and secured, in accordance with industry standards and regardless of any lesser legal requirements which may apply in their jurisdiction.

How do we protect data

Code security

Our code is stored in a GitHub system. We employ strict role-based security/passwords for access to the code. Commits to production code are strictly reviewed and approval is restricted, after passing Unit Testing and QA in Test and Staging. There is a daily backup of the database data in Amazon Web Service’s (AWS’s) S3 storage service. For further information, please visit https://aws.amazon.com.

Application access

Users are always connected to the spareparts.live web application via HTTPS using Secure Sockets Layer (SSL), a cryptographic protocol that is designed to protect against eavesdropping, tampering, and message forgery. Users can assign roles and permissions to team members given access to the account or selected domains added to the account to ensure the appropriate level of access to their account.