Database Providers place a high priority on data protection and employ the best practices that are recognized by the industry to guarantee confidentiality, integrity, and availability. We apply both organizational and technical measures that are in proportion to the risks that are connected to the data we are processing.
All data transfers are secured using the TLS encryption method, and in addition, the stored data is secured with AES-256 encryption which is the standard encryption used across industries.
All privileged account users are subject to role-based access controls, the least privilege principle, and multi-factor authentication.
Our network is reinforced by firewalls, intrusion detection and prevention systems, and secure segmentation among others.
Unusual activities are detected and responded to with the help of continuous monitoring, comprehensive audit trails, and automated alerts.
In order to make sure that the data is always accessible, we keep encrypted backups and regularly perform the testing of the disaster recovery plans.
The specialized Security Lead/Data Protection Officer carries out the enforcement of policies, training, and the management of incidents.
Data Processing Agreements (DPAs) must be signed by all external data processors and they will also undergo security evaluations.
Employees receive constant training on the correct data handling and their privacy rights.
Access to data is granted solely based on the requirements of the certain job functions.
We maintain a formal incident response plan to detect, contain, investigate, and remediate security events. Affected parties are notified in accordance with applicable legal requirements and contractual obligations.
We perform periodic vulnerability scans, penetration tests, and compliance reviews. All identified risks are promptly addressed and remediated.
We limit the collection of data to what is necessary for processing purposes and apply pseudonymisation or anonymisation techniques where feasible.