Under the hood

We build and maintain connectors which access data endpoints across numerous 3rd party APIs, such as Google Analytics, Adwords, Facebook, Stripe, Magento and many more. This data which is stored in our databases is then cleaned, joined and analysed by our team of data scientists and business analysts. Finally, we build dashboards which provide powerful insights for our clients, which are updated on a daily basis, allowing them to optimise spend and reduce CPA.

We only access and store data via these APIs that is specifically relevant to digital marketing. If we find, for whatever reason, that we need access to other types of data, we will always ask your permission first.

Data storage & security

Data security is of paramount importance for Conjura. The data we access through the APIs mentioned above (always via an encrypted connection) is stored on Amazon AWS servers located in Ireland. While Amazon, as a leading cloud services provider, has security safeguards put in place, we have implemented our own additional data and security safeguards, including:

  • Virtual Private Network to access those databases, so they are not exposed publicly, they are only available to those with a valid certificate that can be revoked at any time by network administrators.
  • Specific client data is encrypted in the database where necessary and the server disks themselves hosting the database are also encrypted using the AES256 encryption standard provided by Amazon RDS.
  • All our servers are accessed only by ssh using RSA key encryption.

GDPR compliance

The General Data Protection Regulation 2016/679 (GDPR), is a European Union regulation that relates to the processing personal data of individuals in the EU. It will come into affect on 25 May 2018, replacing the current EU Directive 95/46 EC, also known as the Data Protection Directive. Conjura is on the way to full compliance in advance of 25 May 2018, and has engaged the services of a Dublin-based law firm in support of this work.

While the core of business depends on the ability to link spend to user behaviour and conversions, it is not in our interest to hold personally identifiable data and where possible we avoid taking any data which can be used to personally identify a users, and opt instead for hashed, encrypted or anonymised data.

In the event that we obtain personal data that is not hashed, encrypted or anonymised, as a data processor we will only process data that our client (the data controller) has granted us access to. Thus, our clients warrant that they have the right to grant us access to the personal data they are asking us to process.

Under the GDPR, the processing of personal data is lawful if it is done on one of the following bases:

  • The consent of the data subject;
  • The processing is necessary for the purposes of the legitimate interests of the data controller;
  • The processing is necessary for the performance of a contract to which the data subject is a party;
  • The processing is necessary for compliance with a legal obligation to which the data controller is subject;
  • The processing is necessary in order to protect the vital interests of the data subject / another person;
  • The processing is necessary for the performance of a task carried out in the public interest.