Security

Security measures

We take the security of your data very seriously and carry out both one-off and recurring actions to ensure it is safe with us.

Hosting
Our website is hosted with Amazon Web Services (AWS), which is one of the most acclaimed hosting services in the world. This hosting brings multiple benefits:

  • Secured infrastructure
  • Dynamic capacity: servers are set up to automatically request additional capacity when a peak occurs on our platform, which means you will never lose access to your account.
  • Servers and environment replacements: servers are located in 3 different sites, meaning that if one site goes down, the two others can sustain the activity.
  • If the Stafiz software goes down at a specific location, it is set up to automatically recreate a new environment with the same data within a few minutes.
  • Technically, one app actually consists of multiple “environments”. A “load balancer” dispatches traffic between the different environments, to ensure an optimized response time.
  • Isolated and secured databases and environments (VPC).

Security measures
Security is ensured through multiple means:

  • Secured hosting (see above).
  • Secured framework: Stafiz software is built on the Laravel framework, which contains several security packages in its core functions.
  • Protection against attacks: the software code is protected against all “classic” hacking attacks: SQL injections, cookie theft, MITM, XSS, …
  • HTTPS connection: RSA 2048-bit (SHA256withRSA). We have an A rating on SSL Labs.
  • Activity on the platform is logged, and alerts are automatically sent when an action triggers one of the security cases we have defined.
  • Confidential data (like passwords) are encrypted.

Access rights
Users have access rights that are defined by administrators in your company. If a user tries to access a page he is not allowed to see, he will be blocked, and an alert will be sent to our technical / security team for investigation.

Security checks
Our software has been audited by an external expert company that ran pen tests on the code. These checks will be re-run regularly as we add code to the software, especially when significant additions or alterations are made.
Our technical team stays informed about any security risks or breaches requiring security patches for the software. If needed, these patches are implemented as soon as possible.

Database copies
Copies of the database are made every day and stored for a minimum of 7 days. There is a minimum of 7 copies of the databases at all times. Should anything happen to the production databases (the main ones), copies can be retrieved to replace the originals within a few minutes.

Data portability
We guarantee full restitution of content stored by customers, either for internal archiving purposes during the life of the project or for re-injecting it into another platform (typically upon project termination).

Data portability
We have no obligation to retain the data of the customer after any effective date of termination, and undertake to destroy all content after at least 30 days following the customer’s request.