DataMapper Security

Best practise for data security

DataMapper treats all your personal data as private, even basic things like your name and email address. The system has been designed to comply with the best practices of data security in the business.

Danish government’s Agency on Digitization

We comply with Denmark’s Agency on Digitization’s best practices

We comply with the Danish government’s Agency on Digitization’s best practice guidelines for IT providers. To make it easy for you to learn about DataMapper security, we’ve published our answers to 11 questions they use to evaluate software in Danish and English.

Key points:

  • We log all access to your files.
  • We frequently back up documents and data. 
  • We use the latest encryption standards both when transferring and storing your documents, including backup.
  • We guarantee that your data does not leave the EU. 
  • We monitor and keep all servers up to date with the latest OS and security patches 

DataMapper data flow diagram

DataMapper can scan personal sensitive data from cloud solutions, desktop and network drives. Data can only be scanned, when the users choses the location and folders to scan and authenticates the scan using security tokes. Data is then moved to a secure tennant within a personal resource group where data is scanned and processed with AI/ML algoritms.

The scanned meta data (extracted data) is then transferred securely to a storage in the personal tennant, where it will be used by DataMapper to visualize risks, enabling the user to clean up.

Data stays safe while you use DataMapper

DataMapper security access control

You stay in control 

Each user chooses which locations and individual folders DataMapper can access and the user retains full control to manage data access over time.  

No one else sees your results

Only 2 developers in Denmark can access user data, and their access is restricted with MFA and location access. They will only access your data if you request them to, and only with two written consents.  

DataMapper security and privacy

You control your team’s access

As the verified creator of an account, you get admin status and are the only one who can invite users to your team. You choose where the people you invite will have admin access of user access. 

Admins can monitor a complete dashboard of everyone’s results,  users will only see their own results.

Features to keep data secure

Your data is kept in the EU

We guarantee that your data will not leave the EU.

Frequent backups

We regularly back up documents and data.

Access is logged

We log every access to your files.

Users verified

Dedicated sign-up flow ensuring each user is verified.

Passwordless authentication

Secure tokens from Microsoft/ Google are securely transferred to our system for verification.

Encryption

All communication between your computer and our servers is encrypted using 2048-bit RSA encryption.

Certificates

Our servers are certified with X.509 certificates provided by WebTrust certified certificate authorities.

Servers

Our trusted third-party services (e.g., Azure) use state-of-the-art access control. Server facilities are physically guarded.

Security patches 

We monitor and keep our servers up to date with the latest OS and security patches.

Data encrypted at rest  

Azure private blob storage encrypted at rest with Azure managed AES 256 bit keys.

Data encrypted in transit  

HTTPS in transit, TLS 1.2, Shared access signature.

Our ethical AI 

As AI becomes more and more widely used, questions about its ethics arise. Indeed, anytime you use AI, you should ask if it is ethical and use it responsibly. 

Ethical AI should adhere to well-defined ethical guidelines and protect fundamental values, including: 

  • Individual rights 
  • Privacy 
  • Non-discrimination 
  • Non-manipulation 

DataMapper’s AI does not create ethical concerns, for the following reasons: 

  • DataMapper uses AI to quickly detect and classify the personal data you already store in your systems. It does not collect additional data from your customers in any way. 
  • You decide who to invite to DataMapper, and what access they will have to the information gathered. You can give a user access to only their own data storage (regular user); or give them access to data and statistics for the whole company. 
  • Once DataMapper’s AI finds sensitive data and shows it to you, it is up to you to decide what to do with it. DataMapper’s AI cannot be used for automated decision making and it does not alter or manipulate the data in any way. 

Would you like to know more about Safe Online and how we view privacy and security?

Read our Public Security Declaration

Get ShareSimple FREE for one user today!