GoX.ai (Two Minute Reports) is committed to protecting the data it processes. That is why we have built the system according to the best security and data protection measures. Contact us at firstname.lastname@example.org for any questions or comments.
Our services, web portals, account management systems, and all connections to your purchases are encrypted by default using the industry cryptographic protocol (TLS 1.2/1.3). If you try to connect over an unencrypted channel (HTTP), you will be redirected to the encrypted channel (HTTPS).
APIs, Databases and Two Minute Reports' connections to data destinations such as Google Sheets, Google Data Studio and data warehouses are SSL-encrypted by default.
For Two Minute Reports to work, customers must give read access to their data sources such as Facebook ads, Shopify or Google Ads. If possible, we use an OAuth access token. Through this mechanism, the client grants access to the data through Two Minute Reports and receives a token to access and retrieve the data. You can revoke tokens from both Two Minute Reports' Data Source management section or the data source service's respective portal too.
Two Minute Reports requires only minimal permissions to read the data. We will only ever access your data on your instructions through our tools like Two Minute Reports for Google Sheets/Google Data Studio or any automated scheduling that you have set up through us. Due to the nature of the data source, Two Minute Reports does not use additional permissions if the data source provides more than read-only access. We treat your tokens as passwords, they are strongly encrypted and will never be shared or logged.
Two Minute Reports require different permissions depending on the tool you use. For example, TMR for Google Sheets needs access to read and write spreadsheets. We request the minimum permission(s) required to serve you. If you have more default permissions than you need, we will never use them. These additonal permissions are needed only because of the inability to provide lower permission levels by Google or other destination providers.
We practice industry best practices, different types of firewalls, and other elemental authentication mechanisms to safeguard our services. As a "Privacy Focussed" organization, we follow strict standards for monitoring and reviewing minimal privilege compliance, IAM (Identity and Access Control) policies and security roles. We conduct annual security audits of applications and systems by third parties.
Two Minute Reports uses major cloud providers to process your data. Google Cloud Platform and Amazon Web Services are our providers of choice and both organizations have excellent compliance and regulatory audits including SOC 1/2-3, PCI-DSS, and ISO27001.
Documents for Google Cloud Platform and Amazon Web Services certifications can be obtained directly from Google and Amazon, respectively.
GoX.ai(Two Minute Reports) requires all employees to keep all customer information secure and to comply with security policies designed to comply with various security compliance standards, rules and regulations. We ensure that all employees receive immediate training on safety policies and are subsequently implemented at least annually. Administrative access to the system requires two-factor authentication, VPN, and tight password control. All of these policies are reviewed on a regular basis. Two Minute Reports has various change management and peer review practices in place within our software development lifecycle to ensure best pracices are followed and compliance is enforced and verified. Two Minute Reports is GDPR compliant.