Data storage and retention
We make sure that we only store the data that is required for running Parabola flows as long as its needed and, where possible, all data that we do store can be deleted on request. All data is encrypted at rest and in transit.
The most sensitive data that Parabola stores is the data that you process with Parabola (through uploading, integrating, creating, or otherwise pulling it into a Flow). We are extremely careful with that data, and it is our highest priority to ensure it is secure.
We make sure to only store the data that is required for running your Parabola Flows as long as its needed. With the exception of files directly uploaded to Parabola, data in a flow is stored for a maximum of 14 days, or until the next time the flow runs.
Sensitive data, like access tokens for integrations, are stored in a separate table of our production database under additional protections and more restricted access privileges. Like all data in Parabola, these are encrypted in transit and at rest.
When a step, file, Flow, user, or team is deleted, all access to its associated data and settings is also deleted. This excludes backups, which can be deleted or restored at the request of the customer who owns that particular flow. Backups are stored for a maximum of 30 days before being deleted.
The following is a list of the types of data we store:
- Personal Account Information Any personal details, such as your name and email address, that you provide when creating a Parabola account will be stored for as long as your account is active. At any time you can request your account be deleted and this data will deleted from our systems.
- Personally Identifiable Information (PII) We use a number of different tools to help us track usage of the product such as server logs and analytics tools (Google Analytics etc). These tools may receive personally identifiable information such as your computers IP address and in some cases your name and/or email address. Inline with the GDPR you can request any PII that we store, to be removed from our systems and any subprocessors we use. Server logs are kept for 6 months at most.
- Authentication Data To allow Parabola flows to process data between different 3rd party services on your behalf, we will often require you to provide authentication to these 3rd party services in the form of usernames, passwords and access tokens (including from the result of OAuth authentication flow). This sensitive authentication data is encrypted at REST in our databases, using strong 256 bit encryption, and will be removed if you delete the authentication in question or your Parabola account.
- Flow Data When you run a flow on the Parabola platform, we need to store various stateful data as part of the execution process and for post execution logging. We store the meta data for each flow (which steps are used, how they are connected, authentication, and settings) for the life of the flow, and delete it when the flow is deleted. Data that is pulled in and passed through the flow is stored in memory, never written to disk, and is deleted after 14 days, or when the flow runs again. Data that is uploaded in the form of a file (CSV, Excel, JSON, etc.) is stored in our secure Amazon S3 buckets and is stored until the the flow is deleted, or the organization is deleted.
- Account Logins We use strong SHA256 hashing derived from PBKDF2 with salts when storing your account passwords. These hashed passwords are deleted if you delete your account.
- Backups We store regular backups of all important information. These backups are encrypted and stored for a maximum of 30 days before they are removed.
Data we collect for analytics
Parabola collects email addresses and names of our customers (during the sign up process) to use in our analytics subprocessors. Usage data from the Parabola platform is also collected and sent to our analytics subprocessors.
Data that is uploaded, created, integrated, or otherwise pulled into Parabola and displayed as "results" of any step is not sent to any analytics subprocessors. This data is saved and used only to ensure the functioning of the flows that you create and use on the Parabola platform.
Passwords and other sensitive fields are also masked from being sent to analytics subprocessors.
Pentests, Vulnerability Scanning and Bug Bounty Program
Parabola uses third party security tools to continuously scan for vulnerabilities. Our engineering team prioritizes and responds to issues raised based on severity.
Annually, we engage third-party security experts to perform detailed penetration tests on the Parabola application and infrastructure.
Parabola gives security researchers a way to submit vulnerability reports. Read more about that on our Security page.
Support for MFA, 2FA, or SSO
We do not offer MFA or 2FA at this time, but may add it in the future. SSO is supported via any SAML provider.
Network access to Parabola's production environment from open, public networks is restricted and must pass through AWS Cloudfront and modern, restrictive firewalls. Testing and development systems are not able to access production infrastructure systems and all production servers are hardened.
Parabola load balancers only accept traffic from AWS Cloudfront.
All network devices deny all access by default.
Who can access my flows?
By default everything in your flow is private to you unless and until you add a team member as a collaborator on your flow.
With your permission, our Support Team can get read-only access to help you troubleshoot your flows, but we have strong controls in place to prevent anything happening without your permission.
The current password requirements for Parabola are:
At least 8 characters
At least 1 number
At least 1 symbol
At least 1 lower case letter
At least 1 upper case letter