How BonicBD Protects Your Tracking Data
Server-side GTM means your event data flows through infrastructure you control. Here is how BonicBD handles encryption, isolation, consent, retention, and incident response for Bangladesh ecommerce teams.
Built-in protections across the stack
End-to-End TLS Encryption
Every request to your tracking subdomain uses TLS 1.3. Free SSL certificates are auto-provisioned via Let's Encrypt and auto-renewed before expiry. We do not support unencrypted HTTP for tracking endpoints.
- Let's Encrypt SSL auto-renewal
- TLS 1.3 enforced on all tracking domains
- HSTS headers on provisioned subdomains
Per-Client Container Isolation
Each client's GTM container runs in its own isolated environment. Data is not shared across accounts, and credentials are scoped strictly per client. Access logs are per-client and not co-mingled.
- Dedicated container per account
- Credential scoping per client
- Separate access logs
Consent Mode v2 Support
BonicBD supports server-side Consent Mode v2. You can configure geo-based defaults — for example, denied defaults for EU traffic and granted defaults for non-EU traffic — and send conversion modeling signals where consent is denied.
- Server-side consent state routing
- Geo-based default configuration
- Conversion modeling for denied consent
Bangladesh Data Processing
Primary infrastructure is hosted on BDIX-connected servers in Bangladesh. Event data for Bangladeshi visitors is processed locally, reducing cross-border round-trips. If you have specific data residency requirements, contact us before signup.
- BDIX backbone for Bangladesh traffic
- Reduced cross-border data flow
- Custom residency options on request
Infrastructure Monitoring
Continuous container health checks with automatic restart on failure. We target high availability and notify clients of any significant interruptions via email and WhatsApp.
- Health checks every 60 seconds
- Auto-restart on container failure
- Email + WhatsApp incident alerts
Data Retention & Deletion
By default, event payloads are retained for 7 days for debugging and replay. You can request shorter retention or immediate deletion. Upon account cancellation, client data is purged within 30 days unless legally required to retain longer.
- 7-day default event retention
- Shorter retention on request
- 30-day purge after cancellation
What happens if something goes wrong
Detection: Automated health checks and log monitoring flag container failures, high latency, or SSL expiry within minutes.
Response: Critical issues are addressed within 4 hours during Bangladesh business hours (Sat–Thu, 9 AM–8 PM). After-hours critical issues target a 12-hour response.
Communication: Affected clients receive direct WhatsApp and email notification with incident status, root cause summary, and resolution timeline.
Post-incident: We review significant incidents internally and share relevant technical findings with affected clients on request.
Need a Security Review Before Signing Up?
If your legal or compliance team needs a security questionnaire answered, or if you have specific audit requirements, reach out directly.