Data Security & Privacy

GoX.ai (Two Minute Reports) is committed to protecting the data it processes. That is why we have built the system according to the best security and data protection measures. Contact us at security@gox.ai for any questions or comments.

Retention of data processed by the customer

All the data you process resides in the system as cached data to improve the speed and efficiency of results fetched from external sources. All caches are periodically invalidated on the timeline determined by the design of the data source. The life of the caches may be only a few minutes, but in rare cases the caches may be longer if notified and further permission is obtained from you. Data is stored only in the cache, so any processed data is not stored in the backup. When the cache is cleared, you can always get new data directly from the data source. Your access token is retained so that you can retrieve data by the schedule created by you to run in the background. These credentials are securely encrypted and stored. It may also store data such as custom field metadata and account names and information if the data source integration feature requires data. See our Terms of Service and Privacy Policy for more information.

Website, Payment and Account Portals

Our services, web portals, account management systems, and all connections to your purchases are encrypted by default using the industry cryptographic protocol (TLS 1.2/1.3). If you try to connect over an unencrypted channel (HTTP), you will be redirected to the encrypted channel (HTTPS).

Data Connectors

APIs, Databases and Two Minute Reports' connections to data destinations such as Google Sheets, Google Data Studio and data warehouses are SSL-encrypted by default.

Permissions

Data source Permissions

For Two Minute Reports to work, customers must give read access to their data sources such as Facebook ads, Shopify or Google Ads. If possible, we use an OAuth access token. Through this mechanism, the client grants access to the data through Two Minute Reports and receives a token to access and retrieve the data. You can revoke tokens from both Two Minute Reports' Data Source management section or the data source service's respective portal too.

Two Minute Reports requires only minimal permissions to read the data. We will only ever access your data on your instructions through our tools like Two Minute Reports for Google Sheets/Google Data Studio or any automated scheduling that you have set up through us. Due to the nature of the data source, Two Minute Reports does not use additional permissions if the data source provides more than read-only access. We treat your tokens as passwords, they are strongly encrypted and will never be shared or logged.

Data destination permissions

Two Minute Reports require different permissions depending on the tool you use. For example, TMR for Google Sheets needs access to read and write spreadsheets. We request the minimum permission(s) required to serve you. If you have more default permissions than you need, we will never use them. These additonal permissions are needed only because of the inability to provide lower permission levels by Google or other destination providers.

Solution infrastructure

We practice industry best practices, different types of firewalls, and other elemental authentication mechanisms to safeguard our services. As a "Privacy Focussed" organization, we follow strict standards for monitoring and reviewing minimal privilege compliance, IAM (Identity and Access Control) policies and security roles. We conduct annual security audits of applications and systems by third parties.

Physical and environmental safeguards

Two Minute Reports uses major cloud providers to process your data. Google Cloud Platform and Amazon Web Services are our providers of choice and both organizations have excellent compliance and regulatory audits including SOC 1/2-3, PCI-DSS, and ISO27001.

Documents for Google Cloud Platform and Amazon Web Services certifications can be obtained directly from Google and Amazon, respectively.

Company Policies

GoX.ai(Two Minute Reports) requires all employees to keep all customer information secure and to comply with security policies designed to comply with various security compliance standards, rules and regulations. We ensure that all employees receive immediate training on safety policies and are subsequently implemented at least annually. Administrative access to the system requires two-factor authentication, VPN, and tight password control. All of these policies are reviewed on a regular basis. Two Minute Reports has various change management and peer review practices in place within our software development lifecycle to ensure best pracices are followed and compliance is enforced and verified. Two Minute Reports is GDPR compliant.