Hosting

Our website is hosted with Amazon Web Services (AWS), which is one of the most acclaimed hosting services in the world. This hosting brings multiple benefits:
Secured infrasructure
Dynamic capacity: servers are set up to automatically request additional capacity when a peak occurs on our platform, which means you will never lose access to your account.
Servers and environment replacements: servers are located in 3 different sites, meaning that if one site goes down, the two others can sustain the activity.
If the Stafiz software goes down at a specific location, it is set up to automatically recreate a new environment with the same data within a few minutes.

Security measures

Security is ensured with multiple means :
Secured hosting (see above).
Secured framework: Stafiz software is built on the Laravel framework, which contains several security packages in its core functions.
Protections against attacks : the software code is protected against all “classic” hacking attacks : SQL injections, cookie theft, MITM, XSS, …
HTTPS connexion : RSA 2048 bits (SHA256withRSA). We have an A rating on SSLlabs.
Activity on the platform is logged, and alerts are automatically sent when an action triggers one of the security cases we have defined.
Confidential data (like passwords) are encrypted.

Access Rights

Users have access rights that are defined by administrators in your company. If a user tries to access a page he is not allowed to see, he will be blocked, and an alert will be sent to our technical / security team for investigation.

Security checks

Our software has been audited by an external expert company who ran pen tests on the code. These checks will be re-run regularly as we add code lines to the software, especially when significant additions or alterations will be performed.
Our technical team stays informed about any security risks or breaches requiring security patches for the software. If needed, these patches are implemented as soon as possible.

Database copies

Users have access rights that are defined by administrators in your company. If a user tries to access a page he is not allowed to see, he will be blocked, and an alert will be sent to our technical / security team for investigation.

Data portability

Our software has been audited by an external expert company who ran pen tests on the code. These checks will be re-run regularly as we add code lines to the software, especially when significant additions or alterations will be performed.
Our technical team stays informed about any security risks or breaches requiring security patches for the software. If needed, these patches are implemented as soon as possible.