Common Security and Data Questions
- Last updated on June 27, 2022 at 11:25 AM
We try our best to be compliant with whatever security concerns that you may have. If the answer to your question cannot be found below, feel free to send us a support ticket.
Where is data stored?
All data is stored with AWS in USA-based data centres.
Does the Elevio Assistant store cookies anywhere?
The Elevio Assistant does not store cookies anywhere. The Knowledge Base sets one cookie in order to set 'alert' text for things like logins and auth errors, however, it is removed as soon as it is no longer needed.
Is Elevio EU GDPR compliant?
We have put a lot of work in to ensure that we are GDPR compliant, you can learn a little more about that here: https://elev.io/legal/gdpr
Do you have a DPA / DPS we can sign?
Yes. You can find this near the bottom of our GDPR page here: https://elev.io/legal/gdpr
Does Elevio support SSO (Single Sign-On)?
We use a SAML2.0 compliant SSO platform (F5 - BigIP)
Can the Assistant be embedded in an iframe?
While the Assistant can be installed in a sandboxed iframe, this means you won't be able to use any of the following:
- Embedded Elements
- Helpers
- The Visualizer
What are the CSP directives that should be used to whitelist Elevio?
If you already have CSP in place, you can whitelist Elevio by calculating the hash of the embed script and adding that to your existing CSP policy, along with some additional directives.
Here's our list of recommended CSP directives:
default-src 'self'; script-src *.elev.io '<YOUR HASH HERE>' 'sha256-723TIiqLuTOna8umfkhPrxZRozEG1oHUpwD4fdEGWyw='; font-src *.elev.io; connect-src *.elev.io; style-src *.elev.io 'unsafe-inline'; img-src *.elev.io; frame-src *.elev.io
Does the Elevio Assistant use local storage?
We sure do; this helps us ensure that your end users' tickets don't get lost, etc.
NB: Unless users are logged in, no data is stored in Elevio