Catalog data Location and Protection
Catalog Data is your store’s product catalog data or the site content data that you send to Bloomreach as part of your Integration.
For detailed legal reading on the following topics, you can refer to the Bloomreach Services Privacy Notice.
Data location
Bloomreach Discovery uses Amazon Web Services (AWS), a robust third-party cloud vendor, to store your Catalog data and all other account data.
All the Catalog data is stored in the US East region (Virginia).
Other account data can be stored in the following regions:
- US East (Virginia)
- EU West (Ireland)
Please note that this account region cannot be changed after the account has been created. To use a different region, you must create a new account.
AWS offers a multi-tenant, geographically distributed environment to support the availability of services through the use of redundant architecture. It is guaranteed by the vendor that data is distributed amongst a shared infrastructure through a distributed file system designed to store extremely large amounts of data across many servers.
Data backups and deletion
Backups
We use an automated system to perform routine backups of all Catalog data. These backups are performed regularly following the Bloomreach Discovery standard backup and retention scheme.
Here is the backup schedule followed for Catalog data under the scheme:
- Daily backups - Retained for 1 week
- Weekly backups - Retained for 1 month
- Monthly backups - Retained for 1 year
All Catalog Data Backups are held on AWS servers in different locations across the:
- US East region
- EU West region
Deletion
After 30 days from the end of the contract (termination date), Bloomreach will delete all “Customer Data” (see MSA 1.5) in Bloomreach’s systems, under their control or otherwise in their possession.
Note that this shall not apply to the following stored in internal systems:
(a) data in logs;
(b) aggregated data, and
(c) data stored for statistical purposes
You still have the option to cancel your termination in the 30-day window after contract termination till your data is deleted.
Data protection
Bloomreach stores and processes your site’s Catalog data with all adequate privacy measures in place to protect it from unauthorized access or misuse.
We receive your Catalog data during integration through our Catalog Management APIs, which work over the TLS protocol to ensure security.
The subsystems that process and store catalog data are end-to-end encrypted, and the vendor (AWS) assures that they follow best practices for global privacy and data protection.
Inside the Bloomreach application, data at rest uses AES encryption, and data in transit uses the TLS protocol. Our encryption utilizes encryption keys, which are managed by Amazon (see Data Encryption in Amazon AWS).
Disaster recovery
Blooreach Discovery has implemented a Disaster Recovery Plan to prevent data loss and ensure quick recovery in case of hardware failure, natural disasters, or other catastrophes. Bloomreach Discovery’s architecture setup strives to minimize any possible interruptions.
This is ensured mainly by redundant components located in separate zones. The data centers are connected through multiple encrypted network links and interfaces.
As additional prevention, we also have a disaster recovery program where we test recovery components periodically and after any significant change in a particular component.
We maintain multiple on-call independent support trams to assist Bloomreach employees and you with addressing incidents or potential data breaches. All incidents are logged in an incident management tool, and this information is distributed automatically to internal stakeholders.
Updated about 2 months ago