
Consonance is a web-based application, which means you can access it from anywhere, bringing immense business advantages and enabling greater levels of flexibility and cost reduction than the more traditional client-server architecture allows.

It is developed in Ruby on Rails, the web development framework behind Basecamp, GitHub, Shopify, Airbnb, Twitch, SoundCloud, Hulu, Zendesk, Square, Highrise, and Cookpad.

Application data storage is on PostgreSQL, the world’s most advanced open source database. The lifecycle management of database backups is entirely automated via Heroku Postgres Data Safety and Continuous Protection, which includes continuous physical and logical backups.

Storage of database backups and client files such as cover images and ebooks is via Amazon Web Services Simple Storage Service (S3), which is designed to provide 99.999999999% durability of objects over a given year.

Aside from Amazon S3 for hosting assets as described here, we do not integrate with or transmit data to third parties, for example through API calls to LLMs. We do not use generative AI services as part of our software development process.

The Consonance application is hosted by Platform as a Service provider Heroku, a scalable, high-performance cloud platform owned by Salesforce.

All of our hosting partners are chosen for their world-class reputations for security, performance, flexibility, and value for money.

Heroku provide an impressive network, data and system security layer.

Heroku, in turn, use AWS Data Centers. Amazon continually manages risk and undergoes recurring assessments to ensure compliance with industry standards. Amazon’s data center operations have been accredited under:

  • ISO 27001
  • SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II)
  • PCI Level 1
  • FISMA Moderate
  • Sarbanes-Oxley (SOX)

Salesforce is also audited annually and remains in compliance with the Sarbanes-Oxley (SOX) Act of 2002.

Because Consonance is web-enabled, it is platform-agnostic. Consonance runs in any modern web browser such as Chrome, Firefox, Opera, Edge and Safari, on any platform, such as Windows, Linux and OSX, on a computer or device such as Mac, PC and laptop. We require users to access Consonance from a modern version of those browsers (one updated within the last year at least), so that we know they are using software which has had security patches applied.

Our PostgreSQL AWS RDS and Heroku-hosted databases are encrypted at rest using AES-256. All database connections require SSL, using TLS v1.2 or higher.

We use Heroku configuration variables to store private keys without transmitting them in code pushes or data.

Backups are managed as part of our Heroku account on a continuous protection basis.

Once a client account is set up on Consonance, various defaults can be set at the client level, such as preferred currencies, prices to be managed, and whether or not products should default to going in ONIX on creation. Then, at the user level, roles and permissions can be set up. A user can be an admin, which allows access to manage other user accounts and set permissions and abilities. This configuration is always done on a client-by-client basis, to understand your unique requirements.

Most client accounts are hosted on our public cloud, with extensively tested software isolating client accounts. On request and at additional cost, clients can choose to have a private database and instance of the code, on a directly billed private cloud. Access to any Consonance installation is via HTTPS and TLS 1.3.