How does Silktide security work?

This guide is designed to help you understand the security considerations of using Silktide, from the perspective of an IT or security manager. It assumes some technical knowledge.

Overview

Silktide is a fully hosted software-as-a-service (SaaS) platform designed to test websites and help teams understand and improve them. Silktide runs on the cloud, hosted on Amazon Web Services (AWS).

All of the Silktide application uses SSL / TLS encryption to secure data being passed between Silktide and our users. Access to Silktide is restricted to authorized users via username and password. Passwords are required to meet a minimum security level. Access to individual parts of Silktide – for example, access to a particular website – is limited to authorized users and roles.

What data Silktide stores

In most cases, our users are testing websites which are on the public internet. As such, the data stored by Silktide concerns publicly available webpages, and is not highly sensitive.

The following is a list of data which Silktide stores and which, depending on your organization, could be considered sensitive:

  • Your list of users, including their names and email addresses.
  • Logs of when users perform any action in Silktide, e.g. testing websites, approving spellings.
  • Your list of search engine keywords, which you have chosen to optimize for.
  • Any custom policies you have designed to test your websites (e.g. “all pages must avoid words in ALL CAPITALS”). These policies could theoretically be sensitive in some cases.
  • All website content – see “Testing sensitive websites” below.

Testing sensitive websites

An important consideration occurs if you test websites not on the public internet, e.g. password-protected or otherwise secured websites.

Silktide records the access credentials used to access these websites, e.g. the username and password required, or the proxy authentication details required. Where appropriate, we recommend using fake credentials for testing, e.g. a dummy user with no sensitive data. In any case, we do not allow Silktide staff access to these details.

When a website is being tested, Silktide keeps a record of each tested page, including its HTML, CSS, images and other resources, screenshots of each page and changes to those pages over time. Depending on the nature of the website, this data could be considered highly sensitive.

Deleting data

When a user is deleted, all of their personal information is deleted immediately (e.g. name and email address). A log of their actions remains, but is attached to an abstract identifier. This log can be deleted on request.

When a website is deleted, all configuration data (including login details) is instantly deleted. Some other data – such as screenshots – is earmarked for removal, and permanently deleted within 30 days.

Frequently asked questions

  • Where is my data located geographically?
    Currently all data is held in the United States.
  • Can I install Silktide on my own premises?
    Silktide is not available as an on-premise solution.
  • Does Silktide comply with GDPR?
    Yes. See our Data Processing Agreement.
