Data and security
All the critical data like cPGuard logs and other privileged information related to domains and users is stored on your own servers and fetched using APIs when you open the App portal. We understand that you could be concerned about the security implications of one more additional service running on a custom port. It definitely adds a definite risk to your server, but we have taken utmost care and have carefully implemented the latest security features possible without compromising performance.
Login and Access
The App Portal Ul is accessible only to license owners and any additional users they have assigned access to. We use single sign-on with our billing account to log in to the portal. Details of customers like their username, password, address, billing information, cards and more are hosted separately on our management and billing servers.
Data stored in the App Portal
We make it a point to store only the data that is simply unavoidable for showing you information of multiple servers at a place. The backend of App Portal is designed to save only limited information regarding client servers to make it less complex and to adhere to the privacy rules.
Since statistics cannot be collected from multiple servers at once efficiently, (for displaying a consolidated dashboard or reports) we have to keep a summary of the various attacks in our database. We also store basic information about your servers like its IP address, hostname, operating system, main cPGuard module statuses, number of domains etc, which is basically everything you see in the dashboard and server list page in the app portal.
What we do not store
We do not store any logs in the portal including the domain names, additional IPs, or other sensitive information including client IPs, browser information, stats, and logs. All relevant information will request and load on demand using the agent service on the server.
All pertinent information collected and used by cPGuard (except mentioned above) is stored on your server and is requested and loaded on demand via API calls to the agent service running on the server. cPGuard uses a custom Nginx server that runs as a standard user and accepts only pre-defined procedures to run only cPGuard defined operations with controlled privileges.
The agent service running on custom port is not opent to public and requires the IPs of our cloud servers to white-listed on your server.
Communication between App and Agent
For security and encryption reasons, The UI loaded on your browser is not directly communicating to the Agent service on your server. The app portal backend is in between that accepts requests from the browser, encrypts them, and sends the corresponding API request to the agent.
All the API requests between the cloud and Agent are sent via HTTPS and protected with public/private key encryption methods. We use unique private/public keys for every server/license. We also have implemented several other security measures in place to prevent unauthorized access to your server and keep your data safe and secure.
No one at OPSSHIELD has access to your servers until you grant it via the support option for assistance and troubleshooting purposes. Additional login information shared while providing support access is available only to higher-level support agents. The stored details are cleared automatically after a fixed interval or when you revoke the access.
That said, the portal is designed to store only limited information and keep restricted privileges on the servers. If you need any further clarification regarding this, please feel free to reach us.