Softstart is ready to handle any requests related to GDPR. Workflows are in place to ensure a fast response time on any formal request and our support team has been trained accordingly.
Our legal and security teams are hard at work ensuring that all existing and new processes are compliant with the law at Softstart.
Security within the organization
We have dedicated teams working on application and operational security with the full support of our management.
Third-party penetration testing is done yearly and complemented by internal pentests and secure code reviews. Vulnerability handling is covered by our internal policies to ensure a quick analysis and mitigation of any issue.
All your data within the application is encrypted at rest using AES 256 and in transit using TLS 1.2. Databases are encrypted at rest.
When sensitive or personal data needs to be stored or cached it is done with an additional application-level encryption layer.
Access to administrative operations and production infrastructure is only granted to a few select engineers through Azure's Privileged Identity Management service with time restrictions and approval processes enabled. They must connect with Multi-Factor Authentication (MFA).
We will contact you to obtain explicit consent in the event our engineers require administrative access that could reveal any of your organization's data to resolve issues you are facing with Softstart.
All our employees get a background check and they get mandatory security training. We monitor conformity with the Azure Security center.