Security is one of our biggest considerations. If you encounter any issues or have any questions after reading this document, get in touch with us.
A. User Security
User data on our database is logically segregated by account-based access rules. User accounts have unique usernames and passwords that must be entered each time a user logs in. Record Evolution issues a session cookie only to record encrypted authentication information for the duration of a specific session. The session cookie does not include the password of the user.
User-application passwords have minimum complexity requirements. Passwords are salted and hashed.
Certain sensitive user data, such as account passwords, is stored in an encrypted format. Credit card details are not stored in our database.
All Record Evolution user data is stored on servers located in Germany.
We use fully redundant IP network connections with multiple independent connections to a range of Tier 1 Internet access providers.
Servers have redundant internal and external power supplies, as well as environmental controls. Data centers have backup power supplies, and are able to draw power from the multiple substations on the grid, several diesel generators, and backup batteries.
Continuous uptime monitoring, with immediate escalation to Record Evolution staff for any downtime.
All our systems are tolerant to single-node failures within failover times of less than 3 seconds.
There are three replicas of all user data.
C. Network Security
System functionality and design changes are verified in an isolated test “sandbox” environment and subject to functional and security testing prior to deployment to active production systems.
Firewalls restrict access to all ports except 80 (HTTP) and 443 (HTTPS).
Role-based access is enforced for systems management by authorized engineering staff.
Encryption in Transit
Communications with the Record Evolution website are sent over TLS connections, which protect communications by using both server authentication and data encryption. This ensures that user data in transit is safe, secure, and available only to the intended recipients. Our application endpoints are TLS only and score an “A” rating on SSL Labs tests. We also employ Forward Secrecy and only support strong ciphers for added privacy and security.
D. Vulnerability Management
Latest security patches are applied to all operating systems, applications, and network infrastructure to mitigate exposure to vulnerabilities.
E. Organizational & Administrative Security
We perform background screening on all employees in compliance with local laws. No Record Evolution employees ever access private accounts unless required to for support reasons. Support staff may sign into your account to access settings related to your support issue. In rare cases, staff may need to make a copy of your data pod; this will only be done with your consent. When working on a support issue, we do our best to respect your privacy as much as possible. We only access the data and settings needed to resolve your issue. All copied data pods are deleted as soon as the support issue has been resolved.
We provide security and technology use training for employees.
We screen our service providers and bind them under contract to appropriate confidentiality and security obligations.
F. Software Development Practices
Our engineers use best practices and industry-standard secure coding guidelines.
We deploy code regularly, giving us the ability to react quickly in the event of a bug or vulnerability being discovered within our code.
G. Compliance & Certifications
All payment details are transmitted over a secure connection (Secure Sockets Layer, SSL) and stored in compliance with PCI DSS (Payment Card Industry Data Security Standards) 3.1.
H. Handling of Security Breaches
Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if Record Evolution learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with industry rules or standards that we adhere to. Notification procedures include providing email notices or posting a notice on our Website if a breach occurs.
I. Your Responsibilities
Keeping your data secure also depends on you ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems, to keep any user data you download to your own computer away from prying eyes.
J. Credit Card Safety
When you sign up for a paid account on Record Evolution, we do not store any of your card information on our servers. This information is handed off to Stripe Payment Solutions, a company dedicated to storing your sensitive data on PCI-compliant servers.
If you have a question, concern, or a comment about the Record Evolution security policy, please contact us via email at firstname.lastname@example.org
Note: For your convenience, we have provided an English translation of our Security Policy. This translation is for informational purposes only, and the definitive version of this page is the German version.