Introduction
Whisk provides a robust platform to power connected and smart food experiences for third parties. Ensuring the confidentiality and availability of our customers’ data is of the utmost importance to Whisk.
Whisk’s security program is built with industry-standard security practices. We couple strong policies with automated tools and security controls to protect our customers and maintain a high level of trust and confidence.
This document provides an overview of the Whisk Security Program and Practices, including Data Collection, Physical Security, Employee Security Awareness, Incident Response, as well as an overview of the security features and functionality of the Whisk product. It also dives into the Application and Network architecture of the system.
Product & Data Flow Overview
Whisk uses Google Cloud Platform, an industry leader in security and availability, for data storage and processing. All data stored in Whisk inside Google Cloud Platform (GCP) is encrypted at rest, and logically separated from any other GCP client’s data. The data is stored redundantly in production and is also backed up at a geographically separate location.
Data being sent to Whisk originates from a variety of sources including:
- JavaScript on a website
- Library within an iOS or Android application
- Server-side libraries on customer’s infrastructure
- REST / GRPC API calls
For API integrations, a developer programmatically defines which actions and corresponding details of those actions they wish to track with Whisk. Whisk only tracks those actions that have been programmatically defined in the source code.
When a user visits a third party website or application with Whisk instrumented, the details of their interactions are captured and sent to Whisk through API calls over HTTPS. All data transferred over HTTPS is encrypted. Furthermore, all data is encrypted at rest.
Customer API: customers access their data through a number of APIs that are authenticated using the OAuth 2.0 standard.
In general, Whisk access does not record an audit trail to the individual user level. See the Compliance section for more information on this topic.
Data Processed
Whisk processes data only from the websites or applications where Whisk’s library or SDK has been installed by a customer, or from other Internet connected devices that initiate requests to Whisk’s API.
While Whisk relies upon third parties, we do not send customer data to them. Customers who implement our JavaScript libraries install cookies on their site/application by default. However, cookies are not required, as Whisk offers a server-side integration as an alternative option.
Examples of processed data:
The following are common examples of user behavior data that customers use Whisk to track:
- Website views
- Button Clicks
- Product purchases
- Recipe interests and searches
Examples of prohibited data
It is important to note that certain sensitive information should never be sent to Whisk.
- Credit Card Information including credit card numbers
- Social Security Numbers
- Driver License Numbers
- Passport Numbers
- Government Issued Identification Numbers
- Financial Account Information
- PII collected from children under the age of 13
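As an added example (not Whisk’s SDK and not code from this document), the following JavaScript shows how a website integration can enforce both rules described above before anything is handed to the transport that calls the Whisk API: only actions the developer declared in source code are sent, and an event carrying prohibited data is blocked rather than transmitted. Event names, property names, the key blocklist and the `send` transport callback are illustrative assumptions.

```javascript
// Added example, not Whisk's own SDK: a client-side guard that enforces the
// two rules stated in the overview before anything reaches the transport.
// Rule 1: only actions the developer declared in source code are sent.
// Rule 2: prohibited data (card numbers, SSNs, passport/licence/account
//         identifiers) is blocked. Event names, property names and the
//         `send` transport callback are illustrative assumptions.

// Rule 1: the allowlist of actions this integration has chosen to track.
const TRACKED_EVENTS = new Set(["page_view", "button_click", "recipe_search"]);

// Rule 2a: property names that by themselves indicate prohibited data. This
// covers identifiers with no reliable numeric pattern (passport and driver
// licence numbers, financial account numbers). Deliberately conservative:
// a false rejection is cheaper than leaking the field.
const PROHIBITED_KEYS =
  /card|cvv|ssn|social_?sec|passport|driv(er|ing)|licen[cs]e|account_?(no|num)|iban/i;

// Luhn checksum, so that only card-like digit runs are flagged, not every
// 13-19 digit order or SKU number.
function luhnValid(digits) {
  let sum = 0;
  let double = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = digits.charCodeAt(i) - 48;
    if (double) {
      d *= 2;
      if (d > 9) d -= 9;
    }
    sum += d;
    double = !double;
  }
  return sum % 10 === 0;
}

// Rule 2b: returns why a value is prohibited, or null if it looks safe.
function prohibitedReason(value) {
  const s = String(value);
  // SSN-shaped: 3-2-4 digits separated by dashes or spaces.
  if (/\b\d{3}[- ]\d{2}[- ]\d{4}\b/.test(s)) return "ssn";
  // Card-shaped: 13-19 digits, optionally separated, that pass Luhn.
  const runs = s.match(/\b(?:\d[ -]?){13,19}\b/g) || [];
  for (const run of runs) {
    const digits = run.replace(/\D/g, "");
    if (digits.length >= 13 && digits.length <= 19 && luhnValid(digits)) {
      return "card_number";
    }
  }
  return null;
}

// Validates one event against both rules. Only top-level string/number
// properties are inspected; nested objects are rejected outright so that
// nothing slips past the scan unexamined.
function guardEvent(name, props) {
  if (!TRACKED_EVENTS.has(name)) {
    return { ok: false, reason: "undeclared_event:" + name };
  }
  for (const [key, value] of Object.entries(props)) {
    if (PROHIBITED_KEYS.test(key)) {
      return { ok: false, reason: "prohibited_field:" + key };
    }
    if (value !== null && typeof value === "object") {
      return { ok: false, reason: "nested_value:" + key };
    }
    const reason = prohibitedReason(value);
    if (reason) return { ok: false, reason: reason + ":" + key };
  }
  return { ok: true, event: { name, props } };
}

// Entry point an integration would call. `send` stands in for the HTTPS
// transport (assumption); blocked events are returned to the caller, never sent.
function track(name, props, send) {
  const result = guardEvent(name, props || {});
  if (result.ok) send(result.event);
  return result;
}
```

The guard is a safety net for the list above, not a replacement for simply never collecting those fields: the key blocklist catches identifiers that have no detectable shape, the SSN and Luhn-checked card patterns catch values that leak through free-text properties (a comment field, a search query), and the Luhn step keeps ordinary 16-digit order numbers from being rejected. PII from children under 13 has no technical signature, so it can only be excluded by design of the integration itself.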
Data Center Security & Location
Whisk servers that persistently store customer data are hosted by Google Cloud Platform. Data is stored and processed in GCP’s data centers in Europe. GCP’s data centers are SOC 1, SOC 2 and SOC 3 compliant. Additionally, Google logically isolates each customer’s Cloud Platform data from that of other customers and users.
Global Distribution
Whisk has been architected to receive data from many regions around the globe. Data is collected from users’ devices and customers’ servers via our REST API endpoints.
Whisk maintains endpoint clusters and uses dynamic DNS to route requests to the endpoint that is geographically closest to the client. These endpoints queue the incoming data and perform initial validation and sorting.
Data Center Features
All GCP Data Center facilities include:
Strict access security:
- custom-designed electronic access cards
- alarms
- vehicle access barriers
- perimeter fencing
- metal detectors
- biometrics
- laser beam intrusion detection on the data center floor
Monitoring:
- 24/7 high-resolution interior and exterior cameras that can detect and track intruders
- access logs
- activity records
- camera footage is available in case of incident
Personnel:
- patrolled by experienced security guards
- rigorous background checks and training
Power availability:
- redundant power systems
- environmental controls
- diesel engine backup generators with enough emergency electrical power to run at full capacity
- cooling systems
- fire detection and suppression equipment
Data Protection
All data sent over HTTPS to and from Whisk uses 256-bit encryption in transit. Data flows from the API clusters to the production data stores via GCP’s backbone network infrastructure. Data is encrypted at rest, and it is stored in a proprietary analytics database format (i.e. not an off-the-shelf database). This database infrastructure was designed for high-speed queries with security in mind. Additionally, Google logically isolates Whisk’s Cloud Platform data from that of other customers and users.
Each Whisk project is logically separated from all other projects, so although the data is stored on shared hardware, the database architecture prevents data in one project from leaking into other projects.
Application Security
Whisk maintains a robust and comprehensive application security program. Security is an integral part of our entire development process:
- At design time, through security design reviews and threat modeling.
- At implementation time, with comprehensive security development training.
- At deployment time, with strict manual and automated code review requirements and automated deployment processes.
- In operation, with ongoing automated vulnerability scans and application monitoring controls that identify denial-of-service attacks.
Application Architecture
Security Policy
Whisk’s security policy is maintained to meet the requirements of the most demanding, security-conscious enterprises.
Security Configuration
Configuration
Security risk analysis is conducted when implementing new components in production or development environments. Every change to application code is thoroughly reviewed for functional and security issues. A standard base image is used for all new systems, which are deployed by GCP. Machines are then customized to fit their role. These procedures are documented.
DMZ
Following industry standard best practices, Whisk implements a “De-Militarized Zone” (DMZ). The DMZ is used to limit inbound and outbound traffic only to protocols that are necessary for the secure data environment. Firewalls have been implemented at each Internet connection and between the DMZ and internal network zone.
Vulnerability scans and audits
We run automated network vulnerability scans on an ongoing basis. Third-party penetration tests are performed annually. Penetration tests include testing against the network perimeter from the Internet. High-risk vulnerabilities are resolved within 90 days of discovery.
Updates and Anti-Virus Software
Whisk uses Linux for all production systems. Our strategy to protect our Linux servers is to make our production systems immutable and to recycle them frequently. This prevents malware from gaining a persistent foothold and ensures that there is only a minimal window in which malware could stay memory-resident. Whenever a new vulnerability is discovered, software is updated within a month.
Monitoring
Whisk employs an in-house Security Information and Event Management platform, which provides 24x7x365 monitoring and alerting for security incidents in our networks and systems. Our SIEM collects information from our corporate infrastructure, from our cloud hosting provider, and from our production services, providing a comprehensive view of security-related activities at Whisk.
Google, our cloud hosting provider, adds further layers of monitoring, inspecting internal traffic at many points across their global network for suspicious behavior, such as the presence of traffic that might indicate botnet connections. Their network analysis is supplemented by automated analysis of system and network logs to identify unusual behavior, such as attempted access of customer data.
Access Control Measures
Access is granted to production servers only as required and is provisioned on an as-needed basis.
Incident Response
The Whisk Incident Response Team employs industry-standard diagnostic procedures to drive resolution during business-impacting events. Any and all suspected or confirmed Data Security Incidents must be immediately reported to the Data Protection Officer. The DPO will engage the Incident Response Team and coordinate with management and the Legal Department to determine appropriate actions that will be taken in accordance with this policy to meet Whisk’s legal obligations and to prevent or mitigate impact to consumers, employees or Whisk resulting from a Data Security Incident.
Roles and responsibilities of all individuals on the Incident Response Team are well documented in Whisk’s Data Security Incident Response Plan.
Business Continuity and Disaster Recovery
Whisk maintains a Disaster Recovery (DR) plan for our service. This plan is updated regularly. All data in the production environment will be frequently snapshotted and stored durably in multiple geographic locations in the US. Backups are maintained for the duration of the customer relationship and for one year after the termination of an agreement unless otherwise specified or required by law.
Compliance
Whisk can be implemented and used in such a manner that will maintain compliance with various regulations such as the Health Insurance Portability and Accountability Act (HIPAA). Whisk operates as a Business Associate so that our healthcare customers can use the Whisk services in compliance with applicable laws. By default, Whisk does not receive any protected health information (PHI) or personally identifiable information (PII) data. Whisk can be safely deployed in a healthcare environment without impacting HIPAA compliance obligations provided that only the Whisk website or applications are used to access data, as Whisk does not currently have an auditable log for API access users.
EU Considerations:
Whisk has a considerable presence in Europe and works with customers that employ some of the strictest security requirements.
Whisk is developing the policies, procedures, and enhanced security measures required by the EU General Data Protection Regulation (“GDPR”), which came into force on May 25, 2018. Whisk is committed to its compliance with the GDPR and the protection of its customers’ data.
Notices
This document is provided for informational purposes only. It represents Whisk’s current product offerings as of the date of issue of this document, which are subject to change without notice. Customers are responsible for making their own independent assessment of the information in this document and any use of Whisk’s products or services, each of which is provided “as is” without warranty of any kind, whether express or implied.
This document does not create any warranties, representations, contractual commitments, conditions or assurances from Whisk, its affiliates, suppliers or licensors. The responsibilities and liabilities of Whisk to its customers are controlled by Whisk agreements, and this document is not part of, nor does it modify, any agreement between Whisk and its customers.
Companies trust Whisk with data for over 100,000,000 users on a monthly basis. Whisk is committed to investing in our platform to allow companies to leverage our services in a secure and transparent manner.
Do you have additional questions? Feel free to contact us. We're always happy to help.