API system architecture, IT security and compliance

See how Ducky’s API infrastructure is set up and how we ensure IT security and compliance with key regulations such as GDPR.

GDPR compliance

Our API offering does not log any personal information. It is designed to be used “server-to-server”, meaning the only IP addresses our servers see are the ones from our clients’ servers. No personal information is stored by any services.

For end users of Ducky’s websites and other services, see our privacy policy.

Where do you store data and where are the servers located?

The application servers are located in Norway, Europe.

The analytics service uses servers located in the USA.

The authentication service uses servers located in Europe.

The technical documentation server is located in Belgium, Europe.

What data is stored outside of the EU/EEA?

Moesif, our API analytics service, uses servers located in the USA. However, no sensitive data is sent to these servers. The data sent to this service includes IP addresses, but as we offer a “server-to-server” solution, the only IP addresses our servers see are the ones from our clients’ servers. We never see the IP addresses of end users.

System architecture for Ducky Insights

Core services enabling our API service

  • API
    • Powered by Azure Kubernetes Cluster
    • Hosted on TietoEvry’s cloud, in Norway
    • No logs
  • API analytics
    • Powered by Moesif
    • Hosted by Moesif, in the USA
    • Logs
      • IP address (client server)
      • Request date
      • Response time
      • HTTP status code
      • ClientID
  • API documentation
    • Powered by Grav
    • Hosted by Ducky, on Google Cloud Platform, in Europe
  • Authentication
    • Powered by Auth0
    • Hosted by Auth0, in Europe
  • Customer account database
    • Powered by Auth0
    • Hosted by Auth0, in Europe
    • Stores
      • Company name
      • Company logo

System security

IAM for cloud services follows the principle of least privilege.

All accounts use two-factor authentication and SSO.

Applications follow security best practices and are scanned for vulnerabilities regularly.