Security Policy
We built the Artapava.com business diagnostics platform on modern, reliable, fast and secure platforms. We use a multi-tier infrastructure with security gateways protected by web application firewalls, and constant infrastructure monitoring to identify and mitigate potential risks and breaches.
Assets, such as reports and surveys, are stored encrypted at rest and can only be accessed by the application component that specifically requires them for its service, and only by personnel with the appropriate authorization level. Access credentials are stored securely, outside both our codebase and our data.
Application security
Latest versions and security patches
We work continuously to keep all software and libraries we use on the latest versions, with current security patches installed.
Vulnerability scans
We work hard to prevent SQL injection, XSS vulnerabilities, and other common issues.
We use security tools to check our code for vulnerabilities and to find potential risks. Each newly identified potential vulnerability or risk is reported, classified, and promptly fixed and patched.
Firewalls
Our systems, servers, and networks are secured by a firewall that is regularly checked and updated. We provide a single access path, with only ports 80 and 443 open for HTTP(S) traffic. All other systems, servers, and networks are protected and restricted to our internal network. Only authorized personnel have access to our server infrastructure.
Code Reviewing
The Artapava development team uses a modern software development approach to ensure the development of secure, reliable, fast and flexible software.
We use a revision control system (git, svn). Any change to our source code base is reviewed and approved by authorized persons in a code review. Once code changes have passed testing and review, they are deployed to a staging server. On this staging server, Artapava employees can test the changes before an eventual push to the production servers and our customer base.
Your Data
Data storages
All our connections are encrypted via Transport Layer Security (TLS) version 1.3. We have implemented encryption of all data at rest.
All production environments are separated from testing environments.
Compliant with General Data Protection Regulation (GDPR)
We are compliant with the EU General Data Protection Regulation (GDPR), which is intended to protect personal data and give individual users more rights and control over their personal data. In GDPR terms, we are a data processor. We store some personal data (Personally Identifiable Information, PII): users' names and email addresses, browser information, operating system, screen sizes, URLs, location / IP address (only in specific cases), and screenshots of browser content.
All data is stored in the European Union (EU). For more information and our Data Privacy Agreement, please read our GDPR page.
Data segregation and data access
All accounts and data of each customer are separated by unique IDs and can only be accessed by that customer's team members. Our customer success team will only access a customer's account after an explicit request by the customer.
Backups & disaster recovery
All data is backed up daily, secured by encryption, and stored for 30 days.
Logs
Our system stores logs so that faults can be reproduced and security breaches tracked. No personal data is stored in our logs. Activity logs are kept for 90 days.
Authentication & Login
Passwords & sessions
We cannot retrieve any password, as passwords are stored only as irreversible cryptographic hashes. We encourage our customers to use strong passwords to increase the security and protection of their personal data. Every access to our application is secured by a session that is invalidated, on two separate levels, in case of unauthorized access or after a certain period of inactivity.
Encryption
Secure transport via HTTPS
Our system enforces HTTPS (port 443) for all traffic. Web resources and our REST API can only be reached over SSL/TLS.
Encryption in transit and at rest
Our business diagnostics platform uses industry-standard encryption algorithms to encrypt your data in transit as well as at rest.