Below are some of the most common questions we have been asked by our customers during on-boarding. Click on the question to see the answer.
There are no limitations to the amount of data we will store for you. As long as you are an active customer we will store your data for as long as you need for compliance purposes.
We utilize Amazon Web Services for our data hosting.
C3 is a multi-tenant service. It is designed with core tenants that ensure our customer data cannot overlap or be seen by other customers or entities.
Data can be exported within the Company Options section, under Administration. Select the “Download a Backup of Your Data” button. This function will provide CSV & PDF files of all data that has been entered. Other data export methods are available by contacting our support team.
All data in transit to and from our application is transmitted securely using a modern cipher suite, SSL, & TLS 1.2 or greater.
By default we do not employ data encryption at rest. For additional monthly cost we are able to provide application or database level encryption at rest.
We have a multi-tier backup strategy that is tightly integrated with our redundancy and high availability processes. Data is stored in multiple off-site locations, we store differentials and nightly full backups. All data is transported & stored under encryption.
Data is kept 30 days after the subscription is cancelled and purged after that. Purged data is not explicitly removed from backups and may persist in rolling backups for approximately another 30 days after it has been purged.
Yes, we have processes & procedures in place to address disaster recovery situations ranging from data center outages to complete switches of data center providers. They are reviewed & tested annually.
Our application automatically scales based on system load & latency. At the minimum, there will always be two systems for each portion of our application (database, application servers, queue systems, background workers, etc.) We will never have less than two instances in operation to prevent a single system causing an outage.
We perform internal penetration tests every 6 months. We don’t provide those penetration test results to customers or the public. Customers are encouraged to seek 3rd party penetration testing companies to validate our service security.
We employ multiple lower environments for testing. A continuous deployment / testing strategy is used to validate application code changes as well as operating system, related patches, & updates are fully functional & wont impact end users before they are deployed to production systems.
No, all operations that can be performed by a user in the application can be performed via our provided API.
Operating system is Linux – Amazon Linux specifically. Application development is primarily Ruby on Rails. And the database is Postges SQL.
We provide report creation and modification as part of our standard service fees. This feature is not self-service at this time.
Yes, we can add or remove custom fields depending on your needs.
A modern web browser.
Yes, we make extensive use of open source software. License agreements can be provided upon request.
Windows 7 / 10
Internet Explorer 11 or Edge
Android OS 4.4+
iOS OS 8+
Single sign-on can be supported as part of an enterprise level agreement and additional cost.
Our self-help center is available 24/7 with detailed documents providing assistance. And our average response time is under 4 minutes, during business hours.
Beyond our data center provider (Amazon Web Services) portions of our application leverage 3rd party services (routing, credit card processing, email transmission, etc). If these external services are unavailable that portion of the application will be unavailable or work will be queued for processing when the service returns.
Admin production control requires username/password and 2 factor authentication.
Yes, all changes performed on customer data are logged within an audit trail. It can be provided by request from an approved administrative user of the application. The data is write-only to secure it from tampering / updates.
In general, most transactions in our system are real-time. When large batch functions are performed, these are processed in a background work queue to ensure the application responds quickly to the end-user while the heavy-lifting is performed in the background. Our application indicates processing is occurring for those operations.
Our trailing year up-time is 99.995%
We maintain a roadmap but don’t provide it to customers at this time.