How Netice keeps your data secure
Security policy of Netice Data Transfer Platform

Ensuring the Security of Your Data

At Netice, protecting your data is our highest priority. This Security Policy outlines the comprehensive measures we take to safeguard your sensitive information while ensuring compliance with both the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). Netice’s security measures are also designed to comply with HIPAA (Health Insurance Portability and Accountability Act): by signing a Business Associate Agreement with Netice and using Netice’s U.S.-based instance, our U.S. clients can transfer PHI (Protected Health Information) with Netice. This document complements our Terms of Use and Privacy Policy to provide a detailed overview of our security practices.

Security Measures for your Data Transfers

Netice Data Transfer Platform ensures highly secure data transfers with encryption at rest and in transit. Netice implements strong encryption, secure authentication, and strict security controls. Where applicable, chosen by the user, and with a BAA signed, Netice ensures HIPAA compliance. Below are the key security measures:

1. Encryption at Rest (AES-256)

  • Before any file is stored or transferred, it is encrypted using AES-256, ensuring data remains secure while in Netice’s ephemeral storage. The file is deleted after the transfer process is over.
  • Encryption keys are never hardcoded and are securely retrieved from AWS Secrets Manager or Google Cloud Secret Manager.

2. Encryption in Transit

  • All communication with Google Cloud services (including BigQuery & Google Cloud Storage) and the SFTP server is encrypted using TLS 1.2+.
  • If your transfer source or destination is SFTP, Netice requires secure encryption ciphers from your SFTP server, ensuring files are not transmitted in an insecure format.

3. Secure Authentication & Key Management

  • Google Cloud authentication uses IAM-based service accounts instead of hardcoded credentials.
  • Encryption passphrases are stored securely in AWS Secrets Manager instead of being exposed in logs or code.

4. SFTP Security Compliance

  • Before the transfer begins, Netice validates the SFTP server’s encryption ciphers.
  • The system rejects any SFTP server that uses outdated encryption like 3des-cbc.
  • Only AES-128, AES-192, and AES-256 ciphers are permitted by Netice. This is to maintain Netice’s own security standards which are also shared by HIPAA compliance requirements. Netice ensures it is only involved in secure data transfers.
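
The cipher check described in this section can be pictured as follows (an added example, not Netice's implementation): it parses the encryption name-lists from a server's SSH_MSG_KEXINIT payload (RFC 4253) and rejects the server if any advertised cipher falls outside an AES allow-list. The function names, the exact cipher names in the allow-list, the strict reject-on-any rule and the sample payloads are assumptions.

```python
import struct

# Assumption: the page names only AES-128/192/256, not modes; this allow-list
# uses the standard SSH names for those key sizes.
ALLOWED = {
    "aes128-ctr", "aes192-ctr", "aes256-ctr",
    "aes128-cbc", "aes192-cbc", "aes256-cbc",
    "aes128-gcm@openssh.com", "aes256-gcm@openssh.com",
}
# Name-list order in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")


def parse_kexinit(payload: bytes) -> dict:
    """Return the ten name-lists of a KEXINIT payload, keyed by FIELDS."""
    if len(payload) < 17 or payload[0] != 20:  # 20 = SSH_MSG_KEXINIT
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, lists = 17, []  # skip message type byte + 16-byte cookie
    for _ in FIELDS:
        if offset + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (size,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + size > len(payload):
            raise ValueError("truncated name-list")
        raw = payload[offset:offset + size].decode("ascii")
        lists.append(raw.split(",") if raw else [])
        offset += size
    return dict(zip(FIELDS, lists))


def check_server(payload: bytes) -> tuple:
    """(accepted, rejected_ciphers) under the strict rule assumed here."""
    fields = parse_kexinit(payload)
    offered = fields["enc_c2s"] + fields["enc_s2c"]
    rejected = sorted({c for c in offered if c not in ALLOWED})
    return (bool(offered) and not rejected, rejected)


def build_kexinit(ciphers: list) -> bytes:
    """Constructed sample payload; non-cipher lists hold placeholder values."""
    lists = [["curve25519-sha256"], ["ssh-ed25519"], ciphers, ciphers,
             ["hmac-sha2-256"], ["hmac-sha2-256"], ["none"], ["none"], [], []]
    body = b"".join(struct.pack(">I", len(s)) + s
                    for s in (",".join(names).encode() for names in lists))
    return bytes([20]) + bytes(16) + body + b"\x00" + struct.pack(">I", 0)
```

Under this strict reading, a server that offers aes256-ctr alongside 3des-cbc is refused even though an AES cipher would be available to negotiate.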

5. Secure File Handling

  • Files are temporarily stored on Netice’s ephemeral storage with AES-256 encryption and securely deleted after the transfer.
  • Decryption only happens immediately before delivery to the client’s SFTP server to ensure the file remains encrypted throughout processing.

6. Access Controls & Logging

  • All operations are logged securely for audit purposes.
  • The system follows least privilege access principles, ensuring only authorized processes can handle data.
  • SFTP credentials are securely managed. Customers are strongly recommended to use private key authentication; where password credentials are used, customers are required to use only strong passwords that, in practice, cannot be cracked by brute force.

Netice Data Transfer Platform: A Secure Environment

  • Data Accessibility: Accessing the Netice platform does not grant access to the data used in your transfer tasks. Data transfers occur in secure environments outside the platform, ensuring that your sensitive data remains isolated and protected.
  • Secret Protection: Secrets such as Google Cloud service account keys, SFTP passwords, and private keys are encrypted and securely managed outside the platform using Google Cloud Secret Manager, ensuring no unauthorized access.

Storage and Encryption of Sensitive Data

Google Cloud Secret Manager, AWS Secrets Manager

We utilize Google Cloud Secret Manager & AWS Secrets Manager to store sensitive secrets such as SFTP passwords, private keys, and Google Cloud Platform (GCP) service account keys. Secret Manager provides a secure and convenient way to manage and access secrets, ensuring they are protected with encryption both at rest and in transit. This service also offers fine-grained access control and audit logs to monitor secret access, further enhancing security.

Encryption of Sensitive Fields

Encryption Standards

All sensitive fields within our application are encrypted using industry-standard algorithms (e.g., AES-256). This ensures that sensitive information remains secure and unreadable by unauthorized parties.

Password Security

Password Hashing

User passwords are securely hashed and salted using strong cryptographic algorithms before storage. We employ algorithms such as bcrypt, which are designed to be computationally intensive, making brute-force attempts highly impractical. This method ensures that user passwords are protected.

Firebase Security Measures

Our application leverages Firebase Authentication for secure user authentication. Firebase provides several built-in security features:

  1. Secure Authentication Tokens: Firebase generates secure tokens for authenticated sessions, which are short-lived and require re-authentication periodically.
  2. Transport Security: All communications with Firebase services are encrypted using HTTPS, ensuring data integrity and confidentiality.
  3. Multi-factor Authentication: Firebase supports multi-factor authentication (MFA), adding an extra layer of security by requiring users to verify their identity using multiple methods.

Secure Payment with Paddle

Payment Security

We use Paddle for secure payment processing. Paddle is a trusted payment platform that handles transactions with the highest security standards. It complies with the Payment Card Industry Data Security Standard (PCI DSS), ensuring that all payment information is processed securely. Paddle provides:

  1. Encrypted Transactions: All transactions are encrypted, protecting user payment information during processing.
  2. Fraud Prevention: Paddle employs advanced fraud detection and prevention measures to safeguard against unauthorized transactions.
  3. Compliance: Paddle complies with global payment security standards, ensuring a secure payment experience for our users.

Compliance with GDPR, CCPA and HIPAA

GDPR Compliance

  1. Data Minimization: Only the data necessary for providing our services is collected.
  2. User Rights: Users can access, correct, delete, or restrict the processing of their personal data.
  3. Data Transfers: All cross-border data transfers use mechanisms such as Standard Contractual Clauses.

CCPA Compliance

  1. Right to Access and Deletion: Users can request access to their stored data and delete it via self-service or contacting support.
  2. Do Not Sell: Netice does not sell personal data under any circumstances.
  3. Identity Verification: A robust two-step identity verification process ensures compliance with CCPA’s standards for data access requests.

HIPAA Compliance

Netice can sign a HIPAA Business Associate Agreement with its U.S. based clients who are handling Protected Health Information (PHI).

Web Security Enhancements

Cross-Site Request Forgery (CSRF) Protection

We have implemented CSRF protection to prevent unauthorized commands from being transmitted on behalf of a user that the web application trusts. By including CSRF tokens in our forms and validating these tokens on the server side, we ensure that requests are genuine and initiated by authenticated users.

Content Security Policy (CSP) and Nonces

To mitigate cross-site scripting (XSS) attacks, we employ a Content Security Policy (CSP). CSP is a security standard that helps prevent a range of attacks by specifying which content sources are trusted. Additionally, we use nonces (cryptographic tokens) to ensure that only scripts explicitly approved by our server are executed, further bolstering our defense against injection attacks.

Security of the transferred data

We understand that the security and privacy of your data are of utmost importance. Under regular operations, we do not see any of the content in the data you transfer. Your data is not provided for anyone to access, and it is not distributed, sold or exposed in any way; any of this would go strictly against all that we stand for. We would like to assure you that our system is designed to handle your data with the highest level of confidentiality and security. Here are the key points regarding our data handling practices:

  1. Temporary Data Storage:
    • Ephemeral Storage: Your data is only stored temporarily in our system. The files are transferred to a secure temporary directory solely for the duration of the transfer process.
    • Swift Deletion: Once the transfer to the intended destination is successful, the files are promptly deleted from the temporary storage so that they are not retained longer than necessary.
  2. No Established Access:
    • Automated Processes: The transfer process is fully automated. Our system does not retain or have regular access to your data.
    • No Human Intervention: Under normal operating conditions, there is no human intervention required in the data transfer process, ensuring that your data remains private and unseen by our team.
  3. Data Privacy Commitment:
    • Confidentiality: Accessing the content of your data is completely outside of our regular operations and strictly outside our code of conduct, and no one in the organization has the regular permission to do so. Our role is solely to facilitate the secure transfer of your files from the source to the destination you specify. We categorically refuse to access the contents of the data, nor do we generally even have any of it available to us, due to our strict and swift deletion policy for transferred temporary files. The only exception would be 100% verified situations where there is a serious emergency or a highly critical situation, almost without exception initiated by the authorities or law enforcement.
    • Security Measures: We implement strict security protocols to protect your data during the transfer process, including encryption and secure connections.
  4. Error Handling:
    • Exception Handling: In the event of an error during the transfer, our system is designed to log the error without exposing or retaining the data. Any necessary debugging is done with a focus on resolving transfer issues rather than accessing data content.
  5. User Control:
    • User-Driven Transfers: You have complete control over the data transfer operations. The files are processed based on your configurations and requirements.

By adhering to these practices, we ensure that your data remains secure, private, and only handled in a manner necessary to facilitate the transfer you have requested. Your trust is important to us, and we are committed to maintaining the integrity and confidentiality of your data.

Your trust is what matters the most to us

By integrating these comprehensive security measures, Netice ensures the highest level of data protection and user privacy. We remain committed to continuously enhancing our security practices to maintain the trust and safety of our users.

For more information about our security practices and how we protect your personal information, please refer to our privacy policy.