Encryption at Analytics Plus

Encryption is predominantly used to prevent data exfiltration or theft, and to ensure secure data transfer between applications. Encryption is done by converting the information from a readable format to an encoded format using algorithms. Encrypted information can be accessed only by authorized parties, thereby preventing unauthorized access.

Encryption can be done at two levels, 

  • Encryption in Transit
  • Encryption at Rest

Encryption in Transit 

It refers to data that is encrypted when it is in transit — including from your browser to the web server and other third parties via integrations. Encrypting data in transit protects your data from man-in-the-middle attacks. 

Learn more about Encryption in Transit 

Encryption at Rest ( EAR ) 

This refers to the data that is encrypted when it is stored, either on a disc, in a database, or some other form of media. In addition to encryption of data during transit, encryption of data when it is stored in the servers provides a higher level of security. EAR protects against any possible data leak due to server compromise or unauthorized access. Encryption is done at the application layer using the AES-256 algorithm which is a symmetric encryption algorithm and uses 128-bit blocks and 256-bit keys. The key used to convert the data from plain text to cipher text is called Data Encryption Key (DEK). The DEK is further encrypted using a KEK (Key Encryption Key), adding an additional layer of security. The keys are generated and maintained by our in-house Key Management Service (KMS). 

Learn more about our key management service 

What data do we encrypt in Analytics Plus? 

We encrypt the columns in data tables identified using the Mark as Personal Data option.This is useful for handling sensitive information such as PII (personally identifiable information) and ePHI (Electronically Protected Health Information). In addition to this, credentials used for data import/export across sources and destinations.

Full Disk Encryption

Besides application-layer encryption, full disk encryption is available in our IN (India), AU (Australia), and JP (Japan) data centres.

Learn more about Full Disk Encryption 

Marking Personal Data

Analytics Plus provides a dedicated Mark as Personal Data option to flag sensitive columns that could potentially identify individuals or pose privacy risks (e.g., Name, Email, Job role, Company name). When you enable this option on a column the data is automatically encrypted at rest and handled with enhanced security measures on our servers.

This feature ensures extra protection during storage and export: Columns marked as Personal Data are not selected by default when exporting views, requiring manual selection as an additional safeguard.