Our infrastructure is 100% cloud-based and provided by AWS. This affords us the ability to leverage the security and reliability of the world’s largest cloud provider.
Where is data stored? What data is stored?
Data is stored in our database and S3 buckets, which are both located in the AWS US-East-2 data center. There, all data is encrypted at rest with AES-256 and in transit with TLS v1.2 and above.
The pieces of data which are collected and stored for dashboard users are:
The pieces of data which are collected and stored for visitors are:
Passwords for dashboard users are stored in hashed form, so neither our database administrators nor anyone else accessing the database can view them.
Only a single secure cookie is used in the application for the purpose of maintaining dashboard sessions. We do not track users with cookies and we do not collect, aggregate or sell any information from them.
How often do backups occur? Where are backups stored?
Backups occur daily and are retained for 7 days. Backups are fully encrypted with AES-256 and stored securely off-site in the AWS US-East-2 data center.
How long is data stored?
By default, information added to the dashboard and data collected via visitor check-in must be available indefinitely in order to serve the needs of our customers. However, both the visitors and the customers we serve have the right to request that their information be corrected, sent to them or removed from our application, in compliance with GDPR, CCPA and PIPEDA guidelines.
As part of our best practice security protocols, we conduct regular access control audits on our infrastructure as well as the web application itself.
With our role-based access control system we are able to fine-tune the privileges of our dashboard users to protect their data while giving our employees the power needed to make changes when they are needed. The LobbyFox dashboard provides two roles:
When new kiosks are installed at a location, we will provide accounts for your employees who will manage the kiosks at that location. If desired, employees can also manage multiple locations. For privacy and security, permissions to read and modify data are strictly scoped to the location or locations that they have been assigned. Location Managers cannot access any data outside of the locations associated with their organization.
Access to these accounts is limited to a small set of LobbyFox employees for the purpose of setting up new dashboard accounts, giving demos, and diagnosing and fixing issues. Use of these accounts is regularly audited and monitored via an internal audit log.
Our infrastructure is secured using best practice security processes and controls including:
Who has access to LobbyFox servers, database & kiosks?
Only top-level individuals on our development team are granted access to our database and servers and only under special circumstances such as diagnosing a problem, gathering data or for maintenance.
Our LobbyFox support team is allowed remote access to kiosks to help diagnose technical difficulties our customers report. Support team members will only access a kiosk if a problem has been reported there. The connection is fully encrypted and all kiosks are secured with password protections.
At LobbyFox we do our best to follow best security practices at the organizational level as well as the technical level. For this reason we have implemented the following organizational controls:
3rd Party Integrations
All vendors which provide our 3rd party integrations have been vetted and undergone a security audit to ensure that their security practices meet the requirements needed to handle our customers’ information.
We use the following 3rd party integrations:
Our application undergoes rigorous multi-stage testing throughout the development cycle to ensure that it is stable and secure. That is just the first layer of security: adhering to safe and responsible coding practices to protect against the most common vulnerabilities modern apps fall prey to such as SQL injection, cross-site scripting and cross-site request forgery attacks. Following testing, all of our code also undergoes a code scan upon submission by our developers to ensure that the additions to the application have not introduced any new security vulnerabilities.
The next layer is our real-time monitoring suite which includes tools such as DataDog and Sentry. The suite allows us to do everything from discovering a bug which has appeared at a single kiosk to investigating unusual traffic patterns across many locations of an organization. The data from these monitoring tools is regularly reviewed by our development team both for the purposes of improving the code quality and to detect any potential security issues.
The final layer is in the form of automated AI-powered threat detection which monitors our infrastructure and application 24/7. This threat detection tool uses data aggregated from around the globe to identify the patterns of malicious activity and notify our developers as soon as it finds something.
Currently we are compliant with CCPA in the United States and are in the process of becoming compliant with GDPR in the EU and PIPEDA in Canada.
We have successfully maintained an uptime of 99.95% in Q1 and Q2 of 2022 and are currently seeking to improve that figure. Our application is built with the most reliable infrastructure that cloud computing has to offer and our goal is to ensure our customers have 24/7 access to their kiosks and dashboards no matter where they are in the world.
What kind of load will there be on my network using LobbyFox?
We do our best to minimize the impact on your network that running LobbyFox will have by caching large requests to the kiosk. At idle, a kiosk will use very little bandwidth, only making extremely small requests of a couple kilobytes every 5 minutes to stay in sync with our database and server. When a kiosk is in use, you can expect only 1 to 5 megabytes per checkout, depending primarily on how much content such as images or videos has been added to the kiosk.
What ports are needed for LobbyFox to function?
Only HTTP port 80 and HTTPS port 443 will be required. For a more specific list of domains to whitelist in your network firewall see our networking documentation.
If you have any questions about this information, you can contact us: