Backup and restore
See backup policies and the recovery point objective (RPO) and recovery time objective (RTO) for various schedules.
Compliance guidance and shared responsibilities
Data access and disclosure.
Data breach notification
If a data breach occurs, we will execute a breach notification and response process in accordance with our Data Breach Policy.
As part of our normal business operations, we collect various types of data.
Data deletion is handled via our backend providers. When a volume is released back to the provider, the provider wipes the data in accordance with NIST 800-88. This wipe is done immediately before reuse.
Learn about when data from your projects leaves the region where it’s stored.
Platform.sh logs and stores various types of data as a normal part of its business. This information is only retained as needed to perform relevant business functions. Retention periods vary depending on the type of data stored. If a legal obligation, law enforcement request, or ongoing business need so requires, data may be retained after the original purpose for which it was collected ceases to exist.
Platform.sh has taken numerous steps to ensure GDPR compliance.
Platform.sh HIPAA Compliance
Platform.sh is PCI DSS certified.
The Platform.sh service has a protective blocking feature that, under certain circumstances, restricts access to websites with security vulnerabilities. We use this partial blocking method to prevent exploitation of known security vulnerabilities.
Strong customer authentication (SCA)
In accordance with Article 14(1) of the Commission Delegated Regulation (EU) 2018/389, Platform.sh has implemented strong customer authentication (SCA) for customers using payment methods from the EU.
Transparency & abuse reports
Platform.sh provides two reports on an annual basis, in accordance with the EU Digital Services Act Package, French law, and the European Data Protection Board’s requirements and recommendations, outlining transparency and abuse during that year. The contents of that report are listed below and can also be downloaded as a PDF.
The Platform.sh Rule: Update Early, Update Often
Platform.sh understands the need for application owners to ensure the integrity and standards compliance of their applications. Because some tests could adversely affect other clients, which would violate our terms of service, we permit only certain types of tests.
Platform.sh is WCAG 2.0 compliant
Enterprise and Elite projects on Platform.sh come with a web application firewall (WAF) at no additional cost, which monitors requests to your application and blocks suspicious requests according to our ruleset. WAFs can be an important line of defense against well-known exploit vectors that can otherwise make an application vulnerable to malicious requests and distributed denial of service (DDoS) attacks.