We are sometimes asked about our approach to data protection so following is further information on that but do contact us if you want further details or want answers to questions not covered here.
Is Ably part of the EU-U.S. Privacy Shield Framework?
No. This is because only US businesses can join Privacy Shield and Ably is incorporated in the UK. The Privacy Shield Framework was designed by the U.S. Department of Commerce and European Commission to provide companies on both sides of the Atlantic with a mechanism to comply with EU data protection requirements when transferring personal data from the European Union to the United States. As Ably is within the EU we comply in any case with EU data protection requirements.
Does Ably comply with EU data protection requirements?
How will Brexit and new EU regulation affect Ably’s approach to data protection?
We do not yet know what form Brexit will take or what the timescales will be. It is thought likely that the UK legislation will remain very much in line with EU legislation in any case. In January 2012, the European Commission proposed a comprehensive reform of data protection rules in the EU. On 4 May 2016, the official texts of the Regulation and the Directive were published in the EU Official Journal. While the Regulation entered into force on 24 May 2016, it will apply from 25 May 2018. Ably will review, and comply, with all revised UK data protection legislation once it is clarified.
Is Ably registered with the UK Information Commissioner’s Office?
Yes. Ably is registered as a data controller, registration reference ZA153339, and we can provide a copy of our certificate if required.
What level of data encryption does Ably use?
Ably uses TLS 2048 bit encryption for all data in transit. However, customers can elect not to transmit their data over TLS. All data within the same data center in Ably is moved around un-encrypted as it cannot be intercepted, but is always encrypted when moved between data centres.
Ably also offers optional 256-bit AES symmetric encryption which makes it impossible for Ably to inspect any data payloads moving through the system at all.
Does Ably inspect data it transports?
No. Ably never inspects payloads. We treat them as opaque. Ably is a conduit for data (a ‘dumb pipe’) like the postal service in the physical world.
Does Ably transport personal data?
As a transport for information Ably does not know the nature of the data we are handling. It is possible for our customers to transport the personal data of their customers.
Where is data going through the Ably platform stored?
Data in transit is stored ephemerally (i.e. not on disk) in all 24+ data centres in all regions. Each region can have two or more data centres.
Messages are only persisted when history is explicitly enabled, and that data is stored in US East Virginia, Europe Ireland, and Asia Singapore.