Softstart is ready to handle any requests related to GDPR. Workflows are in place to ensure a fast response time on any formal request and our support team has been trained accordingly.

Our legal and security teams are hard at work ensuring that all existing and new processes are compliant with the law at Softstart.

You can find our privacy policy here: .

Security within the organization

We have dedicated teams working on application and operational security with the full support of our management.

Vulnerability management

Third-party penetration testing is done yearly and complemented by internal pentests and secure code reviews. Vulnerability handling is covered by our internal policies to ensure a quick analysis and mitigation of any issue.

Data protection

All your data within the application is encrypted at rest using AES 256 and in transit using TLS 1.2. Databases are encrypted at rest.

When sensitive or personal data needs to be stored or cached it is done with an additional application-level encryption layer.

Access controls

Access to administrative operations and production infrastructure is only granted to a few select engineers through Azure's Privileged Identity Management service with time restrictions and approval processes enabled. They must connect with Multi-Factor Authentication (MFA).

We will contact you to obtain explicit consent in the event our engineers require administrative access that could reveal any of your organization's data to resolve issues you are facing with Softstart.

Employee policies

All our employees get a background check and they get mandatory security training. We monitor conformity with the Azure Security center.

Did this answer your question?