Data privacy and security features
Oracle has adopted security controls and practices for Oracle Cloud Services that are designed to protect the confidentiality, integrity, and availability of customer data that is hosted by Oracle in the Oracle Cloud Services.
Oracle Maxymiser has several mechanisms to help meet your organization's data privacy and security requirements, including the following:
- Secured user access: Oracle Maxymiser provides the following:
- Native authentication: Account administrators can modify the default account lockout and password security policy as needed. IP blacklisting and whitelisting provides additional security capability for native service authentication. Passwords are stored as a digital hash using a strong cryptographic algorithm.
- Single sign on (SSO): If enabled for your account, Maxymiser supports third-party SAML 2.0 identity providers (IdP).
- Access controls: Account administrators can specify roles, permissions, and user groups to control access to production systems and data.
- Access logging: Account administrators can view the audit report and activity report for changes made on your site.
- Data minimization: By default, Oracle Maxymiser collects only IP addresses and does not share PII with third parties. Administrators have the option to disable storage of IP addresses in the reporting database.
- Data retention:
- Data is retained by default for active accounts. Once an account is terminated, its data is retained for 60 days.
- When a campaign is deleted in the UI, the data is removed from our databases.
- Cookies are set to expire after one year of the visitor's last visit.
- Data deletion: Correct or delete imported customer data at any time by modifying your data file and then reimporting it.
- Data portability: Export your campaign data.
- Data in transit is encrypted: All client to server communications are encrypted by default. HTTPS and SFTP are used for integrations and campaign data export features.
- The Maxymiser tag supports Content Security Policy (CSP) Level 3.
- Notice and consent: Enable end-users to opt out of being tracked and targeted.