Access controls

All Dovetail employees have limited access to Dovetail infrastructure and systems and access is always provisioned on a minimum-necessary, least-privilege, basis.

Access is only granted on a need-to-use basis, based on the responsibilities and duties of the employee.

Dovetail employs database roles to obscure all customer data to prevent access during day to day operations. During a support case, if it is absolutely necessary to view customer data to troubleshoot the issue, we will seek written permission from the customer first via email. Access to unobfuscated data must be approved by a manager and is only granted temporarily on a need-to-use-basis.

Every Dovetail employee has unique authentication details that identify them when accessing infrastructure systems, assets, and applications. Multi-factor authentication is enforced and passwords must be rotated every 90 days.

Dovetail utilizes Amazon Web Services as the principal web application infrastructure. Amazon Web Services data centers feature a layered security model, including extension safeguards such as:

• custom-designed electronic access cards

• motion alarms and sensors

• video surveillance

• perimeter fencing

• metal detectors

• biometrics

Dovetail employees do not have physical access to Amazon Web Services data centers, servers, network equipment, or storage.