We use multiple methods to ensure security and GDPR compliance. These are just some of them:
- data encryption in transit and at rest
- strict access control to persisted data, with two-factor authentication
- strict access control to the cloud subscriptions, with two-factor authentication
- access based on renewable, authenticated API keys
- “data separation”, or technically data source identification
- limited data retention
- regular code vulnerability scans, both for activities and backend
- regular penetration tests
- automatic vulnerability updates as part of Azure’s Platform as a Service
- various abuse and DDoS detection and mitigation techniques such as SYN cookies, rate limiting and connection limits
- 24x7 SRE and Security team
- secrets, such as encryption keys, are managed, stored, rotated, and transmitted securely through the Azure Management Portal
- GDPR compliance