Data Security and GDPR Compliance

Use of cookies

By default our software only makes use of session cookies - which cannot be used to track a user and are only present for the duration of their session. For the purposes of GDPR compliance these cookies fall into the category of strictly necessary and it is therefore not required to obtain consent from the user. We do not use any additional analytical services such as Google Analytics unless requested to do so by a customer.

If a customer does request the use of an analytics service that places cookies on the user's device it may be necessary to use a cookie consent dialog.

Data processors and sub processors

Pentagull acts as a data processor under the terms of the GDPR. The only sub processor we use is Amazon Web Services (AWS), and you can view our sub processor agreement here.

AWS provides us with infrastructure as a service (IAAS) - i.e. virtual servers and networks which we are responsible for managing. As such, AWS does not have direct access to any of our data or traffic flows, as all data is encrypted both at rest and in transit to and from our virtual servers.

Ports and protocols used by our services

Our web-based services are accessed via HTTPS on the standard TCP port 443. We currently support TLS 1.2 and 1.3. All of our web-based services are protected using SSL certificates from certificate authorities that are trusted by all major web browsers. Management of private keys takes place entirely within our own virtual servers and is not managed by AWS.