Skip to main content

Information security when using Selectel services

Last update:

Selectel secures the information of its products, services and services from the moment you register your account in the control panel to the moment you delete your account.

Selectel is not responsible for the security of information that is posted and stored by customers on Selectel products, services and facilities.

Personal data

Selectel maintains the confidentiality of the personal information you provide when you create your dashboard account and will make it available in any available form upon your request.

We may print your personal data to comply with Russian law or at your request, for example, to prepare paper copies of contracts and deeds between us.

We may only disclose personal data to third parties in accordance with legal requirements or if we receive a legally binding request to disclose it. Disclosures to third parties will be recorded with information about what data was disclosed, to whom and at what time.

If we receive a binding request to disclose personal data, we will send information about it in a ticket if we have a legitimate reason to do so. We will do so no later than 30 days from the date of disclosure.

Account and its compromise

If you have trouble accessing your account, you can restore access to your account.

If the account has been compromised or you suspect a compromise:

Access control

The access of other users to Selectel services, products and facilities is managed by a user with the Account Owner role.

Access rights of users are delimited through:

  • user roles that define the accesses within each user type.

Learn more about access control in the Users and Roles (IAM) section.

Use of services

Information about the use of Selectel services, products and services is confidential. Access to this information is strictly regulated and only secure communication channels are used for transmission.

Isolation of customer infrastructure

Each Selectel customer's infrastructure is isolated, and Selectel administrators' access to that infrastructure is regulated.

Infrastructure isolation is accomplished on several levels:

  • control panel level;
  • level of infrastructure.

Infrastructure objects are created, modified, and deleted by the platform. Computing resources that are allocated to such objects are assigned to the client and are not used in infrastructures that belong to other clients. Depending on the specifics of the service, product or service, isolation is performed at the physical or logical level. Virtual resources are isolated at the virtualization environment level, and dedicated server resources are isolated at the hardware and network level.

Deleting temporary files

Temporary files that are processed by Selectel Infrastructure objects do not contain personal data. Temporary files are automatically deleted by the platform components when you finish working with an infrastructure object.

It is your responsibility to delete temporary files that are created and stored in Selectel products, services, and services when you use them.

Use of cryptographic protection means

Selectel infrastructure objects communicate using secure protocols with digital certificate authentication. Users connect to the dashboard and APIs using secure protocols for secure data transfer.

For additional data security, use your own cryptographic protection tools.

For remote access to the Selectel infrastructure using GOST encryption algorithms, connect the GOST VPN service.

Security in service development

When developing services, we:

  • analyze the security of the designed architecture and the specifics of the applied solutions;
  • Implement security requirements, policies and industry best security practices at every stage of the development lifecycle;
  • test the implementation of security requirements that are formed at the stage of building the service architecture or when the service is changed;
  • We conduct trainings and regularly improve the qualifications of our employees in the field of information security in the area of their activities.

Vulnerability management

We regularly analyze the security of the infrastructure of our products, services and facilities: we conduct internal and external scans and penetration tests. This allows us to identify and remediate vulnerabilities faster.

For more information about the division of responsibilities in terms of information security between us and the client, as well as the applicable security measures, please see the Security page on selectel.ru.

Notifications of changes, vulnerabilities and incidents

Information about service availability and technical work plan is displayed in the status panel.

Additionally, you can set up account notifications in the control panel. They notify about technical works, changes, failures, vulnerabilities that can affect infrastructure availability and security.

In order to minimize the possible consequences of an information security breach, Selectel has organized an information security incident management process that includes:

  • Analyzing monitoring system events, as well as employee, customer and regulatory communications;
  • identifying IS incidents and analyzing the reasons for their occurrence;
  • responding to IS incidents;
  • preventing the recurrence of incidents.

Customers can report IS incidents through a ticket.

Further handling of the incident will depend on whose area of responsibility it is.

If the incident is within Selectel's area of responsibility and could damage the infrastructure, we will respond to the incident ourselves. If necessary, we will provide you with information about the incident if it has impacted you. We will do this through a ticket or account notifications.

If the incident is within your area of responsibility, you must respond to it yourself. If possible, we will help you gather information on the incident as part of our technical support.

When an incident involving unauthorized access to personal data or means of processing personal data occurs that may result in the loss, disclosure or alteration of personal data, we will immediately notify all customers who may be affected. We do this via ticket or account notifications.

Information labeling

Selectel does not provide information labeling services. The need for and methods of labeling information, as well as the responsibility for the security of data in Selectel's products, services, and services, is your responsibility.

Using utilities that can bypass security procedures

When working with Selectel products, services and services, you may not use programs that may bypass security procedures. If you use such programs to analyze the security of your systems, you may agree to their use through a ticket.

We prohibit the use of our products, services and facilities for malicious activity: distribution of malware; distribution of software and other data in violation of intellectual property rights, cyberattacks, etc. We prohibit the use of our products, services and facilities for malicious activity.

Deleting customer data

At any time, you can delete your account and the data stored on Selectel's infrastructure yourself.

If you cancel products, services, or services or fail to pay for them on time, we will automatically destroy all data stored in Selectel infrastructure within the time period specified in the document "Terms of Use of Certain Services" for a particular product, service, or service. You can view them on the Documents page of selectel.ru.

The terms and conditions of deletion of personal data of our customers are defined in the document Policy on Processing and Protection of Personal Data.

Papers

Please see the terms and conditions of contracts for individuals and legal entities, as well as annexes to the contracts on the Documents page on selectel.ru.

For each document, we save the previous version in the Document Archive section.