Data security & privacy
We commit to keeping your data safe and secure.
Related content
Content | Link | Last updated |
---|---|---|
Data Privacy Policy | Data privacy | 10.11.2023 |
Terms of Use for our software (Reframe products) | Terms & Conditions | 10.11.2023 |
Technical- and Organisational Measures (TOM) | ToM | 10.11.2023 |
Data Processing Agreement | Data Processing (AuV) | 10.11.2023 |
Data security of our software
Reframe Data is a “Cloud Services Made in Germany” certified company. Our software is hosted on Hetzner servers in Germany, being fully compliant with German and EU guidelines. Hetzner is an ISO27001 certified hoster.
Reframe is built on a modern software technology stack. We guarantee a system and data security on all three levels of security (system infrastructure, software and databases). See details related to our technology stack here.
Authorization & password security
Access to Reframe is secured by an state-of-the-art identity management system (https://www.keycloak.org/) following the OAuth 2.0 security protocol.
Reframe includes a role-based permission scheme. This means that users get access to different sections of the system based on their roles. For each role, certain permissions can be granted per section to view, edit and/or create data entries. The user accounts and permissions can be managed via a user interface in the system. Permissions can even be connected to dynamic elements, e.g. countries, provinces, schools, action areas or projects.
The following security features can be enabled:
- Brut-force detection (system will be locked after x failed login attempts for)
- Password policies (e.g. minimum number of characters, special characters, expiration after x days)
- Two-factor authentication (one-time password required for each login via authenticator app; e.g. Microsoft Authenticator)
- Terms and Conditions page (users need to accept data protection related terms before first login)
Separate environments for development, testing and production are provided. The storage and transmission of sensitive and/or personal data complies with current encryption standards.