Security Practices

Posted: October 1, 2021
Last Modified: October 14, 2021

Protection of customer data is our top priority. As described below, we use organizational and technical measures designed to prevent unauthorized access, use, alteration or disclosure of customer data stored on systems under our control.

Security Controls

We maintain a number of network security controls, including but not limited to:

  • Firewalls, network access controls and other techniques designed to prevent unauthorized access to systems processing customer data;
  • Measures designed to assess, test and apply security patches to all relevant systems and applications used to provide our services;
  • Infrastructure provided by TransIP B.V., an ISO 27001-certified hosting provider based in Leiden, the Netherlands. Information about security certifications received by TransIP is available from the TransIP Certifications website.

Data Encryption

We employ industry-standard encryption to protect customer data:

  • Encryption implemented in transit by means of HTTPS and SSH protocols;
  • Encryption of all backups located in cloud storage with AES 256-bit keys;
  • Full disk encryption of all company laptops.

Business Continuity

We maintain a service continuity and disaster recovery plan as well as processes to ensure failover redundancy with our systems, networks and data storage.

Personnel Management

We ensure that our employees and contract personnel understand and follow our policies regarding customer data security:

  • We perform employment verification, including proof of identity validation and criminal background checks for all new hires;
  • All our employees are trained on their obligation to maintain the confidentiality of customer data to prevent unauthorized collection, processing or use of customer data;
  • Upon employee termination, whether voluntary or involuntary, we immediately disable all access to our systems.

Customer Data Access

We limit access to customer data through the following:

  • Unique personnel access authorization using secure logins and passwords, including multi-factor authentication for administrator access;
  • Personnel access strictly on a “need to know” basis;
  • Personnel access to production environments strictly on a business need basis;
  • Encryption of security credentials for production access;
  • Maintenance of measures designed to prevent customer data from being exposed to or accessed by other customers;
  • Restriction on any storage of customer data using electronic portable storage devices such as computer laptops, portable drives and other similar devices.

Contact

If you have questions about our security practices please write to [email protected].