• Hosted in the EU
  • GDPR Compliant

Security


Security is an important issue for us. By providing co-browsing and chat we provide new methods for you to communicate with your customers. Key parts of our systems are designed specifically to prevent common vulnerabilities found in other systems.

Server Hosting

We use RAID 5 disks.

Data is backed up daily to an off-site system.

Our hosting provider is ISO 27001 certified.

European customers use our server located within the European Economic Area.

Scripting protection

Strict server-based cross-site scripting protection. All information shared between the customer and the agent is sanitized by our trusted server in order to prevent cross-site scripting attacks.

Customers and agents never communicate directly; every interaction passes through our trusted servers. This is needed to prevent customers and agents from attacking each other's environment. It ensures that all communication is thoroughly sanitized and prevents attacks by hackers posing as customers (and vice versa). Only approved tags and attributes are allowed in co-browse sessions.

Strict sanitization of all shared data.

Session cookies

We only use session cookies. When the browser stops, the cookie is forgotten. This way we ensure we can't track your customers.

Automatically disconnect

Co-browse sessions are automatically terminated when the agent is away for longer than two minutes.

Programming Language

We use the secure and fault-tolerant programming language Erlang. By doing this we prevent common security holes often found in other systems. Erlang was designed specifically to implement fault-tolerant systems that never stop. Many of its design choices have a direct influence on security. Concurrently running processes, for instance, can't share memory, so private information can't accidentally be leaked. The security track record of Erlang/OTP is exemplary. The Erlang/OTP environment only received three CVE security issues over the years, compared to over 30.000 for Sun JRE (Java).

Sensitive data

The website owner is in full control over what information is shared in a co-browse session. Sensitive information like credit-card numbers or medical details can be removed from the view of the agent. This information never leaves the page of the customer. This ensures our customers can use our solution within their compliance policies.

Companies that integrate co-browsing can prevent content on their site from being shared with agents.

Adding the class "cobrowsing_nosync" to any page prevents the data from being shared.

Agent passwords are never stored on our servers.

Data Storage

Information shared between customers and agents in a co-browsing session is never persistently stored on disks. When the session is terminated all information is removed from the main memory of our systems.

HTML information is never stored. Not in a database or in log files.

Secure connections

When the connection to your customer is secured via SSL, the connection to the agent is also secured via SSL.

Security Roles

We use a security access manager based on ACLs and security policies.

Only authorised agents can start co-browsing sessions with customers. We have two levels at which agents can co-browse: View only and Control mode.

100% Web based

No downloads or installations. Our solution runs natively in the browser.

The agent can only help customers within their browser instance. No access to the desktop or other data on their device is possible. This makes it safer than screen sharing.

Only pages with the channel.me siteconnect script can be co-browsed.

The customer never leaves your already secure website. The agent can help the customer with the same level of security.

Chat logs

Chat sessions and chat logs are stored on our server. Because chat sessions can contain privacy-sensitive information, access to this information is only provided to trusted personnel.

Code Deployment

Our developers follow the OWASP (Open Web Application Security Project) guidelines.