Data Flow and Security Overview

Schema App provides two means of data transfer. Initially, the service is configured by either a Business user or by the Schema App Customer Success Manager (CSM) assigned to the account. This user or CSM sets up the configuration in https://app.schemaapp.com which is then exported to an Object Store (S3), and available on our Content Delivery Network.  These user sessions are logged into the application with encrypted data in transit (HTTPS) and at rest (Database encryption).  

The second means of data transfer is with WWW users who access pages with Schema App deployment, and in this case, the deployment options are chosen by the team to affect how this is done.  However, typically we use a Javascript library that is embedded via a Tag Manager and runs on webpages. On page loads, the Function will load configuration from the CDN to conditionally apply a mapping of HTML elements to Schema.org vocabulary and outputs the resulting data into a <script type=”application/ld+json”> element.

Security Basics

It is important to note that all information stored is publicly available within the content of the website and indexable by search engines. 

• Data is kept within AWS. AWS maintains SAS 70 Level 2 certification 
• All data is encrypted both during transit, HTTPS SHA-256 with RSA Encryption
• PCI Data Security Standards 3.2.1 Level 1 Service Provider
• Data at rest uses 256-bit length keys and accessed over SSL
• We have automated Veracode dynamic scans of our application
• Principle of Least Privilege is applied, including periodic review of PLP
• Internal policies are in place outlining the safe handling of customer information
• All Schema App employees are required to participate in cybersecurity training courses
• Our Privacy Policy can be found here.

The above is by no means an exhaustive list and its intended purpose is to provide a brief overview of some of the security measure Schema App has in place. For more information please contact support@schemaapp.com.