Newired's Security and Privacy
Security and Privacy are built into Newired’s core principles. Newired empowers users to decide whether to collect data, giving them control over analytics.
Newired maintains rigorous privacy and security standards, ensuring compliance with global regulations to earn and keep the trust of its customers worldwide.
Our Security
At Newired, safeguarding our customers’ information is our top priority. We firmly believe that ensuring robust privacy depends on implementing robust security measures
We engage extensive measures to protect your data, tailored to the specific characteristics of the personal information and the potential threats it may face. Our ongoing commitment is to continuously enhance this shelter in order to maintain the security of our customers’ personal data.
Confidentiality is a core pillar of Newired's security approach. We protect it through data encryption, strict access controls, data minimization, secure infrastructure, employee training, NDAs, regulatory compliance, third-party scrutiny, and incident response plans.
We maintain data integrity through various mechanisms and practices such as: encryption, access controls, monitoring, redundancy, change management, data validation, and compliance with industry standards and regulations.
Availability is a crucial aspect of security at Newired, as it ensures that our services and systems are accessible and operational when needed. The key elements of Newired's availability-focused security strategy include redundancy, load balancing, backup and disaster recovery, continuous monitoring, scalability, and incident response.
Your Privacy
What sets us apart is our unique offering:
Newired is the only Digital Adoption Solution that empowers you with the authority to choose whether data is collected or not, what type of data is collected (anonymous or private), and where the data is stored.
Trust Center
Compliance
Does your organization comply with the General Data Protection Regulation (GDPR)?Yes
Is your organization SOC 2 Type II compliant?
On Roadmap for 2024
Is your organization ISO27001 compliant?
Yes
Product Security
Does your product offer self-serve user management for adding, removing, and managing existing users?
Yes
Can users sign in to your product using security assertion markup language (SAML) single sign-on (SSO)?
Yes
Can users sign in to your product using single sign-on (SSO)?
Yes
Can authentication of system users be done using Kerberos or mTLS?
Content creators can be authorized using OAuth2/OpenID Connect standards, including Kerberos, to capture and record content.
When integrating with a business application, the user identity passed to Newired can be obtained from the application. We offer an API and customization support to facilitate this type of integration.
Is an AD or LDAP connection for user rights supported?
Content creators can be authorized using OAuth2/OpenID Connect standards, including AD, to capture and record content.
LDAP in roadmap for 2024.
If traffic between your backend and frontend/client components must be encrypted.
Our solution satisfies this requirement by utilizing the HTTPS protocol to encrypt all traffic between the backend and frontend/client components. This encryption ensures that all communication is secure, and any content transferred between the backend and frontend/client components is fully encrypted. If the underlying application and server providing content are also using HTTPS, this further strengthens the security of the traffic.
Data Security
.Does your organization encrypt data in transit?
In our organization, internal communication adheres to a standard procedure without encryption. On the other hand, external communication is encrypted to safeguard data when transmitted outside our network.
Privacy
Does your organization have a privacy policy?
Yes
Does your organization have a data retention policy defining where and for how long data is stored or archived?
Yes
Does your organization have a data processing addendum or agreement outlining its terms for the processing of personal data?
Yes
Does your organization have a procedure that enables individuals to request to have their personal data erased from its data storage systems?
Yes
Please write to security@newired.com
Does your organization have a dedicated data protection officer (DPO) who ensures compliance with privacy laws and regulations on personal data?
Yes
Please write to security@newired.com
Which data does Newired collect from final users?
APPLICATION PRIVACY POLICY – Newired Digital Adoption Solution
Can Newired take control of the underlying application?
No, Newired does not have the capability to take control of the underlying application. Newired’s platform is designed to provide interactive guidance and user support within existing applications, enhancing the user experience and facilitating user onboarding. It does not possess any invasive control over the underlying applications themselves. Instead, Newired operates as an overlay, offering guidance and support features that help users navigate and utilize the application more efficiently. Its purpose is to assist users in understanding and maximizing the functionality of the application without interfering with its core operations or functionalities. This approach ensures that the integrity and security of the underlying applications remain intact while providing users with an improved and intuitive user experience.
Cloud hosting setup
Our cloud setup at Newired is fortified with enterprise-level security and single tenancy, ensuring the utmost protection and confidentiality of sensitive data. We monitor our systems in real time, perform regular manual maintenance, including software updates, and have a dedicated server and network administrator overseeing these tasks. This comprehensive approach guarantees that our clients’ data is safeguarded, allowing them to focus on their core business activities with peace of mind. Our commitment to providing a secure and reliable cloud environment reflects our dedication to maintaining the highest standards of data protection and service excellence.
When the contract expires, can I get my data/content/etc. back to be reused somewhere else?
Absolutely, at Newired, we understand the importance of data ownership and portability. When your contract with us expires, you retain full ownership of all your data and content. We do not claim any ownership rights over the data or content you have created or uploaded onto our platform. As part of our commitment to transparency and customer satisfaction, we ensure that you can easily download and export all your data and content from our platform, enabling you to reuse it or migrate it to another platform of your choice. This process empowers you with the freedom to manage your data according to your specific needs and preferences.
Incident Management and Response
Does your organization have a data breach notification policy that outlines how users will be notified of an unauthorized disclosure of their data?
Yes
Does your organization have an incident response plan to help employees detect, respond to, and recover from network security incidents in areas like cybercrime, data loss, and service outages?
Guidelines for managing operations and responding to incidents necessitate the logging and examination of incidents, followed by appropriate actions, such as implementing system changes if required.
A documented formal plan for incident response and a standardized form for reporting incidents are in place to instruct employees on the procedures for reporting security breaches and incidents. The incident response plan ensures a structured approach to resolving and escalating reported events. It also incorporates protocols for notifying both internal and external users of incidents, advising them on necessary corrective measures, and mandating a “postmortem” review.
Availability and Reliability
Does your organization use service monitoring tools to evaluate the health of its servers?
Newired utilizes tools to measure processing queues, ensuring the timely processing of incoming data and real-time monitoring of results. It identifies any lost data during processing, automatically creating alerts for the Engineering team. The Engineering team promptly addresses these alerts. When processing errors occur within Newired’s application, the company follows the change management process, initiating a change ticket to investigate and resolve the error.
Certifications and attestations
Newired is ISO 27001 certified, and our hosted customers benefit from SOC 2/SOC 3 compliant hosting providers.
You can download our ISO 27001 certificate.
