IT Standards
Safe communication
We use HTTPS encrypted communication between the client application and the server. This means that even if someone manages to intercept the ongoing communication, they will not be able to get to sensitive data.
Safe infrastructure
We use the complete Microsoft Azure infrastructure, which prides itself on its security. Microsoft Azure is certified to numerous security standards and compliances, including ISO 27001, SOC 1/2/3, HIPAA, and more.
We don’t let users be the weak link
We require users to create a strong password that contains a sufficient combination of characters and length. For added security, two-factor logins are also available and are strongly recommended.
Protection against external attacks
We have implemented protection:
Against XSS, which minimizes the risk of an attacker inserting malicious code into our application.
Against SQL injection attacks, which prevents attacks that allow database queries to be manipulated.
Against CSRF attacks, which minimizes the risk of sending a malicious request to another site.
Against brute-force attacks so that this technique cannot be used to gain unauthorized access to the application.
Data security
Access to the data stored in the database is strictly limited and encryption is mandatory.
We update the software
We regularly update our app along with the related software to ensure that it is always up-to-date with the latest security patches.
Professional development
Our team of developers works in accordance with the latest recommended practices, with an emphasis on testing and catching any bugs so that they don’t make it into production. We have strictly separate development, testing and production environments, and we have a fully automated CI/CD release. This minimizes repetitive work that could lead to errors from inattention, while completely eliminating the need for programmers to access production servers.
We test security
We regularly perform security testing of the application to minimize the risk of attacks and to ensure security against future threats.