About our security
If you’ve come to Safe Online, it’s because you care about keeping your customers’ data safe and private. Would you like to know a little about how we keep data safe when you use our products? We’ve prepared this public security statement as a companion to our privacy policy to outline our security and data protection standards and practices.
Our secure data storage
- We log all access to your files.
- We frequently back up documents and data.
- We use the latest encryption standards both when transferring and storing your documents, including backup.
- Only 2 developers in Denmark have access to user data and their access is restricted with MFA and location access.
- We guarantee that your data does not leave the EU.
- We monitor and keep all servers up to date with the latest OS and security patches
- We must have consent from at least 2 people at your company before we can access your data.
Our ethical AI
As AI becomes more and more widely used, questions about its ethics arise. Indeed, anytime you use AI, you should ask if it is ethical and use it responsibly.
Ethical AI should adhere to well-defined ethical guidelines and protect fundamental values, including:
- Individual rights
- Privacy
- Non-discrimination
- Non-manipulation
DataMapper’s AI does not create ethical concerns, for the following reasons:
- DataMapper uses AI to quickly detect and classify the personal data you already store in your systems. It does not collect additional data from your customers in any way.
- You decide who to invite to DataMapper, and what access they will have to the information gathered. You can give a user access to only their own data storage (regular user); or give them access to data and statistics for the whole company.
- Once DataMapper’s AI finds sensitive data and shows it to you, it is up to you to decide what to do with it. DataMapper’s AI cannot be used for automated decision making and it does not alter or manipulate the data in any way.
Access control
Our products were designed to help you manage your own company’s personal data. Our developers can access your data if you need them to, but only with two written consents.
More security details
Here are some more details about our security:
Users control access
Each user chooses which files DataMapper can access and retains full control to manage data access over time.
Users are authenticated
The verified creator of an account is given admin status and is the only one who can invite users to that team and the only one who can view a complete dashboard of all results. Users are identified by an administrator’s invite and a dedicated sign-up flow ensuring each user is verified.
Password and access tokens
Password and access tokens are signed with a shared secret signature key and the password is hashed with sha256_cryp.t. Every access to your data is securely logged.
Network and access
All communication between your computer and our servers is encrypted using 2048-bit RSA encryption. To prevent man-in-the-middle attacks, all our servers are certified with X.509 certificates provided by WebTrust certified certificate authorities. Finally, all your data is hosted on trusted third-party services (e.g., Azure) that use state-of-the-art access control and operate server facilities that are physically guarded.
Data encrypted in transit
HTTPS in transit, TLS 1.2, Shared access signature
Data encrypted at rest
Azure private blob storage encrypted at rest with Azure managed AES 256 bit keys