DATA AT REST
We use the industry standard AES-256 encryption algorithm to encrypt database instances, backups, read replicas, snapshots and media storage.
We use pseudonymization and generalization techniques to anonymize data used for statistical analysis.
The complete information on a single user account is only accessible through a secure network at local office premises. Access is only granted to a limited number of full time employees that fulfill the IT support and testing functions. Any other customer support representative must file a specific and traceable request to get more information that helps satisfy the user need. If at any time the employee with access resigns or terminates his/her work with the company, his/her credentials are promptly and permanently revoked.
DATA IN TRANSIT
All data in transit is protected by using SSL SHA-256 with RSA-2048 Encryption. Data in transit between the app and our infrastructure is also secured with certificate pinning to resist impersonation by attackers using fraudulent certificates.
Requests between our infrastructure and TPP are also verified with a partially cryptographic request signature scheme.
Authentication and authorization are provided by a short lived unforgeable and refreshable token, so that if an access token is compromised the attacker has a limited window in which to abuse it. In the extremely unlikely event of a security breach, we can easily revoke all the tokens preventing the leak of sensitive information and we will provide prompt and adequate information to all the persons whose personal data were affected by the leakage and to the relevant national authorities if required by the applicable law.