Security
Simitless invests in its platform. We thank our customers as they keep trusting us with some of the most important assets they have: their data, their information, their knowledge. Why not follow our blog to be kept updated!
Here is a brief overview of our security measures. Want to know more? Have more questions? Why not let us know by reaching out?
Encryption Technologies
We use modern encryption technologies to deliver your applications and data securely to you. Have a look at the address bar of your browser. You should see a small padlock, and/or the letters “https://”. This small “s” means “secure” (some browsers even show the full word “Secure”). We use a TLS 1.3 certificate that is renewed every 90 days to ensure that the key is not broken. We received the “A+” rating from Qualys SSL Labs. In addition, our security settings enforce encrypted communications and actively block insecure connections from older and unsafe systems.
Payments & Bank Information
We chose Stripe as our payment provider. They are a renowned payment provider for SaaS services. They are already trusted by many systems and provide extra security for all payment processing. They are a PCI Service Provider Level 1 and force HTTPS for all services.
“All card numbers are encrypted on disk with AES-256. Decryption keys are stored on separate machines. None of Stripe’s internal servers and daemons are able to obtain plaintext card numbers; instead, they can just request that cards be sent to a service provider on a static whitelist.”
Hosting & Servers
We use modern virtualization on our servers to isolate most parts of the systems. This enables better security. In addition to splitting responsibilities across isolated servers, we use the high-performing content delivery network Cloudflare. This ensures a speedy delivery of the content to your computer.
We use multiple services to constantly monitor our sites and systems. You can consult some of the monitoring reports here:
Backups
The database is deployed in a scalable way. Such a setup allows us to grow the data storage organically, following the growth of your apps. We maintain an incremental and complete backup system for the servers, files and data. These backups are then automatically tested on the primary hosting site and then on a secondary secure site. All backup communications are carried out securely (SSH with authentication by 2048-bit key and IP address lock). The publisher makes a backup:
- every 4 hours (6 versions kept),
- daily (7 versions kept),
- weekly (4 versions kept) and
- monthly (6 versions kept).
People
Everybody working for Simitless has been chosen for their trustworthiness as well as their expertise. However, just being trustful does not make a really good security policy. We isolated access rights. That way our employees don’t have any access to real user data. For our testing and development needs, we create simulated data. All bank-related data is also kept out of our own database and, in fact, out of our systems entirely. It is secured by our specialist payment system provider Stripe. We selected them because they provide a fully PCI DSS compliant system.
Data Safety, Data Access
We have introduced itemized access control on our platform. Workspace and Application owners can control precisely who should be able to access what.
Availability
We have measured an availability rate of at least 99.9% over the past years that our servers have been up and running. We aim for 99.99% and are deploying more servers and more resilient services toward that goal. Our availability is tracked by an independent system and its data is available on their dedicated site.
Legal & Licences
Simitless promotes the use of thought-through licences for data diffusion. Be it “open” data, free licenses or commercial licences, we can help you choose the right way to protect your data and to optimize that protection based on what you want your data to do.
Transparency
We have set up an automated way of monitoring each and every server. Any issue noticed, any downtime and any scheduled maintenance is reported to our status reporting tool on https://status.simitless.com. This special page is hosted in a different data center from our other servers in order to ensure that we can update it and keep you informed even in the improbable case our main servers go down. In case we need to communicate additional information on our server status, we have created a dedicated Twitter account https://twitter.com/simitlessstatus.
Meteoric Technology
At its core, Simitless uses some of the most recent technologies to make your apps work seamlessly, simply and limitlessly. These technologies enable real-time collaboration. For the technologically inclined, you’ll be happy to know that we are using the Meteor JavaScript framework. Meteor includes heightened security by default. As the entire project is open-source, the whole community of developers constantly reviews and enhances the platform to ensure that the best security practices are in place.
MongoDB
Underneath Meteor we use MongoDB. “MongoDB is the next-generation database that lets you create applications never before possible.” We have implemented and maintain the recommended controls to ensure that your apps and data remain secure and accessible to you when you need them.
Physical Datacenter Safety
Hosting is what makes the things we do possible. It brings the system we created to your browser. We handle our own servers. They are created on-demand in data centers throughout Europe. We regularly review the hosting settings, in addition to all the automated alarms and quality checks that we have set on the systems. Doing so allows us to make sure that the service we provide is the best of its kind and that your data is secure.