Executive Summary
The following document outlines MEGA’s best practices for handling sensitive customer data. In some instances, Technical Support resources may need access to customer environments to properly troubleshoot support cases. In these instances, MEGA takes every precaution to ensure the security of the data. Customers retain ownership of their data at all times; MEGA’s use of customer data is solely for purposes of resolving a support case submitted by the customer.
Data handling process
1. MEGA creates and shares user credentials to a private SFTP folder to exchange files.
2. The customer is asked to upload a copy of their environment in the format of SQL .bak files.
3. MEGA Technical Support resources create a virtual machine to reproduce the customer’s environment and download a copy of the data for debugging.
4. In some instances, support cases need to be escalated to MEGA 3rd level Technical Support resources located outside of the US, in the MEGA International HQ in France.
5. The virtual machine and all local copies of the data detained by MEGA are deleted once the customer data is no longer needed to work on the case.
6. The copy of the environment on the SFTP site can be deleted by the customer at any time or by MEGA Technical Support when no longer needed.
Security Details
SFTP:
• SFTP folders is specific to the customer.
• Only MEGA Technical Support and the customer have access to the folder.
Access to the data:
• Technical Support resources’ (including 3rd level resources in the MEGA International HQ) access to customer data can only occur at secure MEGA facilities on MEGA provisioned and monitored PCs.
Ownership and use of the data:
• The customer retains ownership of their data at all times. All copies of the data are deleted on demand. Local copies of the data are deleted after related support cases are closed.
• Use of customer data is restricted to the providing of Technical Support for purposes of properly troubleshooting a case that has been submitted by the customer. The data will not be used by MEGA for any other purpose.
• Customer data is never shared with any entity external to MEGA unless authorized in advance by the customer.
Comments
Your personal data are protected by MEGA International in accordance with our privacy policy.