1. Home
  2. Snappie App Info
  3. Snappie & GDPR
  1. Home
  2. FAQ
  3. Snappie & GDPR

Snappie & GDPR

InstaServ Platform

INSTASERVTM is our proprietary content delivery platform, which enables us and our clients to customise captured content, deliver it instantly to users and easily control results through back end system.

All photos, gifs & videos delivered through INSTASERV Platform are branded and optimised for sharing by users to maximise visibility on social media.

Platform Hosting

Dedicated server rented in UK2 London hosting facility. CentOS operating system, CPanel control.

Access to the server is only possible through password-protected SSH protocol by dedicated and trained senior staff – Cezary Otowski (CTO) and Tonis Bramanis (System Administrator).

No external processes for backups of users data in database – MySQL database – not encrypted.

Physical Security of Hosting Facility
(according to UK2)

We own, manage and secure our London data centre entirely, meaning that no third parties can access your sensitive information. The data centre is equipped with optical, ionisation and heat detection sensors, along with VESDA fire detection. Staff are also on-site around the clock, ensuring your machine’s security at all times.

CCTV monitoring is in action at the data centre at all times and in all areas, complete with PIR motion detectors to highlight any adverse activity. The site is inconspicuous and operates a dual-factor entry system and stringent attendance logging. The site perimeter is alarmed and equipped with beam detectors.

The protection and maintenance of your data are integral to our operations; redundancy is built into our infrastructure as standard. Our systems are designed and built from the ground up to ensure your data is live and in-tact. The data centre has an N+1 generator power supply, 15 105kW DX CRAC units and intelligent cooling system to ensure optimal performance. Our surplus generators can power the site for days in the event of a long-term power disruption.

Photo / Video Page

This is the page where the user can see their photo, video or gif and share it on social media.

Developed hashed URL limits the possibility of accessing another user photo just by changing letters in URL.

Shares are done through networks SDKs, Huggity is not storing any user data from networks.

Link to documentation of used SDKs:

Facebook: https://developers.facebook.com/docs/graph-api/
Twitter: https://developer.twitter.com/en/docs.html

All transmission from Instaserv platform and to social networks is done over https.

Content Management System Security
(InstaServ / Snappie backend)

Custom PHP+JS management system, in which clients can see photos/videos and data of their users.

All communication is through https RESTfull API, access to CMS is password/session protected.

CMS is providing an option to delete every image (by Huggity team or by client),
which is a realisation of users right to be forgotten.

Emails

The user receives emails through Sendgid API. Transmission to Sendgrid is protected by https, API documentation is described here:

https://sendgrid.com/docs/API_Reference/index.html

The user receives html, not encoded email with https link to Single Page with his image.

SMS

The user receives SMS through Textmarketer API. Transmission to Sendgrid is protected by https, and API documentation can be found under link:

https://wiki.textmarketer.co.uk/display/DevDoc/API+Documentation

The user receives plain text SMS with link to Single Page with his image.

All transmission is secured from a technical point of view.

Logs

All actions in systems are logged.
All requests are logged.
No user data is logged in our logs systems (no personal data).
Logs are removed from the system after 3 months.

User Data in the Database

All data is removed manually, through the CMS system, after 12 months after activation (may be different on client request).

Access to CMS system: Mike Sikorski (CEO), Cezary Otowski (CTO) and dedicated Project Manager.

All Huggity staff undergo recent data protection and processes training.

Administration access

SSH connection is possible for the administration of the server.
Administration access to the server: Cezary Otowski (CTO), Tonis Bramanis (System administrator).

Updated on February 17, 2020

Was this article helpful?

Related Articles