How and where does CDI store data?
Data submitted in the Perspectives program, including personally identifiable information, is stored in three locations:
- GuidedTrack servers
- CDI servers
- Alchemer servers
GuidedTrack servers
Constructive Dialogue Institute (CDI) uses a third-party service provider, GuidedTrack, to build and deliver our online learning program, Perspectives.
Data submitted on GuidedTrack is stored on servers hosted by AWS, Heroku, and IBM Cloudant. All three services are SOC 2 certified (links to documentation here: AWS, Heroku, IBM Cloudant).
GuidedTrack provides encryption in transit and at rest. GuideTrack uses SSL encryption in transit, and at-rest encryption is a feature of Heroku Postgres (which uses AWS technology) and IBM Cloudant.
CDI periodically verifies that GuidedTrack maintains adequate internal security and privacy policies and procedures. Among other security best practices, GuidedTrack restricts which employees have access to sensitive data, and their computer security requirements policy details necessary steps for those employees, such as full-disk encryption, strong passwords, and automatic locking.
GuidedTrack’s Heroku servers are located in the U.S., and its IBM Cloudant servers are located in Washington D.C.
CDI servers
CDI uses Amazon DynamoDB for the storage of certain data submitted in the Perspectives program, and this date is encrypted at rest. We further protect the data by enabling multi-factor authentication on all accounts accessing DynamoDB.
CDI forwards data collected from our GuidedTrack learning program to our database in DynamoDB, which is SOC 1, 2, 3 certified. We de-identify the data as we claim, by separating participant data across multiple tables and enforcing role-based access permissions. For instance, questionnaire and participant progress data are stored in separate tables that are stripped of participants’ PII, and members of our Research team who analyze the questionnaire and progress data do not have access to the PII table.
CDI’s AWS servers are located in Ohio.
Alchemer servers
CDI uses the survey tool Alchemer to collect longitudinal impact data. Alchemer data is stored on servers hosted by AWS, and their data is encrypted in transit, at rest, and on all backups. Alchemer is SOC 2 certified (see pg. 20 of its Security Whitepaper for its list of certifications).
Alchemer’s AWS servers are located in Virginia.