
A) Confidentiality

1. Access Control to Premises and Facilities

Customer data is stored in the Microsoft Azure North/West Europe regions. Pseudonymized analytics reports are stored by Hetzner Online GmbH in Finland. Access control to the premises is thus taken care of by these companies. Below is a link to each company’s security policy for its data centres:
  • Microsoft: https://docs.microsoft.com/en-us/azure/security/fundamentals/physical-security
  • Hetzner Online GmbH: https://www.hetzner.com/pdf/en/Sicherheit_en.pdf

2. Access Control to Systems

Protection against unauthorised access to the data processing systems is assured by the following measures:
  • Access to the data processing systems is restricted to specific employees and all accounts are protected with two factor authentication.
  • All employees are required to store work-related credentials in a centrally managed enterprise password manager.

3. Access Control to Data

Authorisation to access the Personal Data is managed by the following measures:
  • Access to the database is restricted in the following ways:
    • A firewall is used so that only authorized services can access it.
    • Each service has restricted permissions so that it can only access the information that is needed.
    • Field masking is used (a feature of SQL Server) so that sensitive fields, such as those that constitute personal data, are hidden for most of the services.
    • The Web API authentication mechanism allows the software vendor to narrow down the scope of permissions that a given “access token” grants, so that the token can only reach the data it needs.

4. Intended Purpose Control

The objective is to assure that Personal Data compiled for different purposes can be processed separately if required. The measures implemented are the following:
  • By default, all personal information is protected by means of field masking and strict access policies. This prevents accidental access to personal information. Whenever additional access is needed by a service (by service, we mean any application we use internally for processing of data, such as the analytics dashboard), it is thoroughly reviewed before such access is granted. The goal is to lock down the access to information of each service to what is needed for the specific task.
  • If the personal data would be needed for a purpose other than the intended one, consent is obtained from the software vendor before such processing can begin.

5. Pseudonymization

Cryptolens strives to minimize the amount of personal data that is processed. The following measures are taken to reduce the amount of personal information being processed:
  • IP address – the IP of end users is anonymized before it is saved in the database by setting the last octet to 0. For example, if the IP address is 10.1.1.24, we will store 10.1.1.0. In cases where the IP address is not anonymized, it is ensured that it is removed when it is no longer necessary.
  • Machine code – Cryptolens client SDKs (which are used inside your application to verify a license) provide methods to identify end users without exposing any additional information about the device. This is achieved by passing all information collected about the device through a one-way cryptographic hash function.
Where it is not possible to pseudonymize personal data, for example, the customer’s name, email, etc., it is protected by the means described in Access Control to Data. In addition to these measures, the location of personal data is, where possible, localized to one place and never duplicated across multiple locations. For example, the analytics service does not have access to personal information about customers; instead, it distinguishes between them using their identifier (an integer value). All personal information related to a customer is only stored in the production database and its replicas. As soon as personal information is no longer needed, it is removed.
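As an added illustration of the two pseudonymization rules above (example code written for this page, not code from the Cryptolens SDKs), the following Python zeroes the last octet of an IPv4 address before storage and derives a machine code from device attributes through a one-way hash. The IPv6 rule (clearing the lower 64 bits), the choice of SHA-256 and the key=value canonical form are assumptions of this example, not details stated on the page.

```python
import hashlib
import ipaddress
from typing import Mapping


def pseudonymize_ip(ip: str) -> str:
    """Zero the host part of an IP address before it is persisted.

    IPv4: the last octet is set to 0, so 10.1.1.24 becomes 10.1.1.0 (the
    rule the page describes). IPv6: the lower 64 bits (interface identifier)
    are cleared; this is an assumed extension of the same idea.
    """
    addr = ipaddress.ip_address(ip)
    if isinstance(addr, ipaddress.IPv4Address):
        return str(ipaddress.ip_address(int(addr) & 0xFFFFFF00))
    return str(ipaddress.ip_address((int(addr) >> 64) << 64))


def machine_code(attributes: Mapping[str, str]) -> str:
    """Derive a stable device identifier from collected hardware attributes.

    Only the digest leaves the device; the raw attribute values are never
    stored. Sorting the keys makes the result independent of the order in
    which the SDK happened to collect the attributes. SHA-256 over a
    "key=value" canonical form is an assumption for this example.
    """
    canonical = "\n".join(f"{k}={attributes[k]}" for k in sorted(attributes))
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def build_activation_record(client_ip: str, device: Mapping[str, str]) -> dict:
    """What would be persisted for an activation: pseudonymized IP plus the
    hashed device identifier, never the raw attributes themselves."""
    return {"ip": pseudonymize_ip(client_ip), "machine_code": machine_code(device)}


if __name__ == "__main__":
    # Constructed sample input, not real device data.
    sample_device = {"cpu_id": "BFEBFBFF000906EA", "mac": "00:11:22:33:44:55"}
    print(build_activation_record("10.1.1.24", sample_device))
```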

6. Encryption “at rest”

We use the built-in feature of Azure SQL Server for encryption of data at rest. The Azure SQL database is where personal information about software vendors and clients is stored. All logs and backups are also encrypted.

B) Integrity

1. Disclosure Control including encryption “in transit”

The access to Personal Data during the electronic transfer and data transport is protected by transmission control measures:
  • All communication between our client SDKs and the Web API are over HTTPS and thus encrypted. Internal communication between the database and services (e.g., Web API and analytics) goes over an encrypted channel.

2. Input Control

  • Access to the Web API is protected by an access token mechanism. It ensures that the user is a) authenticated (i.e., the identity of the account that attempts to perform a certain action is confirmed) and b) authorized (i.e., the scope of permissions is verified so that only the permitted data can be accessed or uploaded).
  • An optional anomaly detection module can be enabled to detect any fraudulent or abnormal usage patterns.

C) Availability and resilience

Availability Control

To assure that the Personal Data are protected against accidental destruction or loss the following measures of availability control are in place:
  • The production database is backed up on a regular basis.
  • The production database has replicas in different regions within EU.
This includes the following measures to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident:
  • Since the production database has read-only replicas, we can switch over to one of them in case there is an outage in the region where the production database is stored.
  • In case of a technical incident that would cause data loss, we can fall back on a backup in a timely manner.
  • Status of the production database is continuously monitored with built-in features in Microsoft Azure and third-party services.

D) Process for regular testing, assessment, and evaluation

1. Data protection management

  • Security monitoring features provided by Microsoft Azure are used to detect any anomalies or threats. Notifications will be sent to relevant person(s) in the company should this occur.
  • All the resources have locks in place to prevent accidental editing or deletion.
  • Highly privileged user accounts are protected with two-factor authentication (with YubiKey, where possible).

2. Incident response management

  • All systems are monitored continuously by a third-party solution, with notifications set up so that the relevant person(s) are notified and can fix the problem.
  • Regular automatic testing is performed to make sure that all methods work as intended.

3. Measures to guarantee privacy by design

  • The system is designed to record only the information that is necessary for proper functioning of the service. When personal information is collected, it is ensured that, where possible, the data is anonymized, or pseudonymized (in cases where complete anonymization is not possible). Information is removed when it is no longer needed.
  • Information that cannot be anonymized, for example, names and emails as well as other string properties (e.g., notes), is protected with measures such as field masking (a SQL Server feature), encryption at rest and the measures that protect access to the database described earlier.
  • When designing new features, we ensure that we collect the least amount of information needed to achieve proper functioning of the service.

4. Job Control

  • Auditing logs are collected for access to the resources and actions performed on the resources, by employees and services.