A general consensus seems to be that encrypting files is enough to guarantee security. We disagree, and so aspire to go much further. While encryption is essential, it is the last barrier: the one that keeps a data leak somewhat harmless rather than devastating. First and foremost you want to prevent data leaks, then limit the scope of data leaks, then limit the content of data leaks. So that is what we set out to do.
Cyber Essentials is a government-backed, industry-supported scheme to help organisations protect themselves against common cyber attacks. Cyber Essentials focuses on the five essential elements for cyber security: secure configuration, boundary firewalls, access controls, patch management and malware protection. We are delighted to hold the Cyber Essentials Certificate.
All connections are served and enforced via HTTPS over TLS 1.2 or TLS 1.3. Access to our RESTful interface is restricted by strong password requirements (preferably 32-64 characters) and, optionally, by IP filtering or additional API keys. Passwords are stored only as salted hashes using Argon2i.
Our servers are hardened by starting out with every port blocked and only then opening the required inbound and outbound ports. The only access to the server is via SSH using an AES-256 key. Our servers are scanned daily for vulnerabilities, and patched accordingly.
We take encryption very seriously. We apply multi-level encryption using established and secure protocols and ciphers only. This goes as far as having a unique data encryption key per file, so no unauthorized entity can ever access another person's data. These encrypted files are in turn stored in an external (non-Amazon, Dutch hosted) S3 bucket as a backup.
On top of our own security scans and threat detection tools, we also have ourselves audited by dedicated security testers multiple times per year. Since the launch of our platform in 2010, they have never achieved a breach or other serious security issue.
Our policy is that neither we nor any third party is allowed to analyse, sell or share your data with anyone. Unless specifically requested by our customers, we do not even use tracking cookies on our solutions: functional, system-essential cookies only.
You need a reliable, robust, secure and GDPR-compliant* solution provided by an ISO-accredited specialist in data security.