Skip to main content
Information security when using Selectel services
Last update:

Information security when using Selectel services

Selectel ensures the information security of its products and services from the moment of account registration in the control panel up to the point of account deletion.

Selectel is not responsible for the security of information posted and stored by customers on Selectel products and services.

Personal data

Selectel maintains the confidentiality of the personal information you provide when you create your Control panel account and will make it available in any form upon your request.

We may print your personal data to comply with Russian law or at your request, for example, to prepare paper copies of contracts and deeds between us.

We may only disclose personal data to third parties in accordance with legal requirements or if we receive a legally binding request to disclose it. Disclosures to third parties will be recorded with information about what data was disclosed, to whom and at what time.

If we receive a binding request to disclose personal data, we will, where we have a legitimate basis to do so, send information about it to the ticket. We will do so no later than 30 days from the date of disclosure of personal data.

Account and its compromise

If you are having trouble accessing your account, you can reactivate your account.

If the account has been compromised or you suspect a compromise:

Access control

The access of other users to Selectel services, products and facilities is managed by a user with the Account Owner role.

User access rights are delimited through:

  • user roles that define accesses within each type of user.

Read more about access control in the section Users and Roles (IAM).

Utilization of services

Information about the use of Selectel services, products and facilities is confidential. Access to this information is strictly regulated and only secure communication channels are used for transmission.

Isolation of customer infrastructure

Each Selectel customer's infrastructure is isolated, and Selectel administrators' access to that infrastructure is regulated.

Infrastructure isolation is accomplished on several levels:

  • control panel level;
  • level of infrastructure.

Infrastructure objects are created, modified, and deleted by the platform. Computing resources that are allocated to such objects are assigned to the client and are not used in infrastructures that belong to other clients. Depending on the specifics of the service, product or service, isolation is performed at the physical or logical level. Virtual resources are isolated at the virtualization environment level, and dedicated server resources are isolated at the hardware and network level.

Deleting temporary files

Temporary files that are processed by Selectel Infrastructure objects do not contain personal data. Temporary files are automatically deleted by the platform components when you finish working with an infrastructure object.

It is your responsibility to delete temporary files that are created and stored in Selectel products, services, and services when you use them.

Use of cryptographic protection means

Selectel infrastructure objects communicate using secure protocols with digital certificate authentication. Users connect to the dashboard and APIs using secure protocols for secure data transfer.

For additional data security, use your own cryptographic protection tools.

For remote access to Selectel infrastructure using GOST encryption algorithms, connect the following service GOST VPN.

Security in service development

When developing services, we:

  • analyze the security of the designed architecture and the specifics of the applied solutions;
  • Implement security requirements, policies and industry best security practices at every stage of the development lifecycle;
  • test the implementation of security requirements that are formed at the stage of building the service architecture or when the service is changed;
  • We conduct trainings and regularly improve the qualifications of our employees in the field of information security in the area of their activities.

Vulnerability management

We regularly analyze the security of the infrastructure of our products, services and facilities: we conduct internal and external scans and penetration tests. This allows us to identify and remediate vulnerabilities faster.

Read more about the division of information security responsibilities between us and the client, as well as the security measures in place, on the page Security on selectel.co.uk.

Notifications of changes, vulnerabilities and incidents

Information about service availability and technical work plan is displayed in the status bars.

Additionally, in the control panel you can configure account notifications. They alert you to technical work, changes, failures, vulnerabilities that can affect infrastructure availability and security.

In order to minimize the possible consequences of an information security breach, Selectel has organized an information security incident management process that includes:

  • Analyzing monitoring system events, as well as employee, customer and regulatory communications;
  • identifying IS incidents and analyzing the reasons for their occurrence;
  • responding to IS incidents;
  • preventing the recurrence of incidents.

Customers can report IS incidents via ticket.

Further handling of the incident will depend on whose area of responsibility it is.

If the incident is within Selectel's area of responsibility and could damage the infrastructure, we will respond to the incident ourselves. If necessary, we will provide information about the incident if it has impacted you. We will do this through ticket or account notifications.

If the incident is within your area of responsibility, you must respond to it yourself. If possible, we will help you gather information on the incident as part of our technical support.

In the event of an incident involving unauthorized access to personal data or means of processing personal data that may result in the loss, disclosure or alteration of personal data, we will immediately notify all customers who may be affected. We do this through ticket or account notifications.

Information labeling

Selectel does not provide information labeling services. The need for and methods of labeling information, as well as the responsibility for the security of data in Selectel's products, services, and services, is your responsibility.

Using utilities that can bypass security procedures

When working with Selectel products, services and facilities, you may not use programs that may circumvent security procedures. If you are using such programs to analyze the security of your systems, you may approve their use through the ticket.

We prohibit the use of our products, services and facilities for malicious activity: distribution of malware; distribution of software and other data in violation of intellectual property rights, cyberattacks, etc. We prohibit the use of our products, services and facilities for malicious activity.

Deleting customer data

At any time, you can delete your account and the data stored on Selectel's infrastructure yourself.

If you cancel products, services, or services or fail to pay for them on time, we will automatically destroy all data stored in Selectel's infrastructure within the time period set forth in the "Terms of Use of Certain Services" document for the specific product, service, or service. You can view them on the page Papers on selectel.co.uk.

The terms and conditions of deletion of our customers' personal data are defined in the document Policy on processing and protection of personal data.

Papers

See the terms and conditions of the contracts for individuals and legal entities, as well as annexes to the contracts on the page Papers on selectel.co.uk.

For each document, we save the previous version under Document Archive.