Security Policy

Security is one of our biggest considerations. If you encounter any issues or have any questions after reading this document, get in touch with us.

Record Evolution users have entrusted Record Evolution with their data, and we make it a priority to take our users’ security and privacy concerns seriously. We strive to ensure that user data is handled securely. Record Evolution uses some of the most advanced technologies for internet security that are commercially available today. This Security Statement is aimed at being transparent about our security infrastructure and practices, and to help reassure you that your data is appropriately protected. Visit our privacy policy for more information on data handling.

Record Evolution is a product built on the Google Cloud Platform. Therefore, most of the security measures are provided by the Google Cloud Platform, which implements a comprehensive Google Security model. This security statement outlines the main security measures taken to protect your data. For more detailed information, visit https://cloud.google.com/security/

A. User Security

User data on our database is logically segregated by account-based access rules. User accounts have unique usernames and passwords that must be entered each time a user logs in. Record Evolution issues a session cookie only to record encrypted authentication information for the duration of a specific session. The session cookie does not include the password of the user.

User-application passwords have minimum complexity requirements. Passwords are salted and hashed.

Data Encryption

Certain sensitive user data, such as account passwords, are stored in an encrypted format. Credit card details are not stored in our database.

Privacy

We have a comprehensive privacy policy that provides a very transparent view of how we handle your data, including how we use your data, who we share it with, and how we retain, delete, and block it.

All Record Evolution user data is stored on servers located in Germany.

B. Availability

We use fully redundant IP network connections with multiple independent connections to a range of Tier 1 Internet access providers.

Servers have redundant internal and external power supplies, as well as environmental controls. Data centers have backup power supplies, and are able to draw power from the multiple substations on the grid, several diesel generators, and backup batteries.

We run continuous uptime monitoring, with immediate escalation to Record Evolution staff for any downtime.

All our systems are tolerant of single-node failures, with failover times of less than 3 seconds.

There are three replicas of all user data.

C. Network Security

Testing

System functionality and design changes are verified in an isolated test “sandbox” environment and subject to functional and security testing prior to deployment to active production systems.

Firewalls

Firewalls restrict access to all ports except 80 (HTTP) and 443 (HTTPS).

Access Control

Role-based access is enforced for systems management by authorized engineering staff.

Encryption in Transit

Communications with the Record Evolution website are sent over TLS connections, which protects communications by using both server authentication and data encryption. This ensures that user data in transit is safe, secure, and available only to the intended recipients. Our application endpoints are TLS only and score an “A” rating on SSL Labs tests. We also employ Forward Secrecy and only support strong ciphers for added privacy and security.

D. Vulnerability Management

Patching

Latest security patches are applied to all operating systems, applications, and network infrastructure to mitigate exposure to vulnerabilities.

E. Organizational & Administrative Security

Employee Screening

We perform background screening on all employees in compliance with local laws. No Record Evolution employees ever access private accounts unless required to for support reasons. Support staff may sign into your account to access settings related to your support issue. In rare cases, staff may need to make a copy of your data pod; this will only be done with your consent. When working on a support issue, we do our best to respect your privacy as much as possible. We only access the data and settings needed to resolve your issue. All copied data pods are deleted as soon as the support issue has been resolved.

Training

We provide security and technology use training for employees.

Service Providers

We screen our service providers and bind them under contract to appropriate confidentiality and security obligations.

F. Software Development Practices

Coding Practices

Our engineers use best practices and industry-standard secure coding guidelines.

Deployment

We deploy code regularly, giving us the ability to react quickly in the event of a bug or vulnerability being discovered within our code.

G. Compliance & Certifications

All payment details are transmitted over a secure connection (Secure Sockets Layer, SSL) and stored in compliance with PCI DSS (Payment Card Industry Data Security Standard) 3.1.

H. Handling of Security Breaches

Despite best efforts, no method of transmission over the Internet and no method of electronic storage is perfectly secure. We cannot guarantee absolute security. However, if Record Evolution learns of a security breach, we will notify affected users so that they can take appropriate protective steps. Our breach notification procedures are consistent with industry rules or standards that we adhere to. Notification procedures include providing email notices or posting a notice on our Website if a breach occurs.

I. Your Responsibilities

Keeping your data secure also depends on you ensuring that you maintain the security of your account by using sufficiently complicated passwords and storing them safely. You should also ensure that you have sufficient security on your own systems, to keep any user data you download to your own computer away from prying eyes.

J. Credit Card Safety

When you sign up for a paid account on Record Evolution, we do not store any of your card information on our servers. This information is handed off to Stripe Payment Solutions, a company dedicated to storing your sensitive data on PCI-compliant servers.

Contact Us

If you have a question, concern, or a comment about the Record Evolution security policy, please contact us via email at contact@record-evolution.de

Note: For your convenience, we have provided an English translation of our Security Policy. This translation is for informational purposes only, and the definitive version of this page is the German version.