Platform and data security
Easynav.xyz gmbh uses industry best practices to ensure its security. This document describes the measures we take to prevent your data from falling into the wrong hands.
Physical security
Server and network security
Easynav.xyz gmbh hosts the majority of its applications at hosttech GmbH. hosttech provides state-of-the-art data center security that meets industry standards such as SOC, PCI DSS and ISO 27001. All responsibility for physical network and server security for these parts of the application is delegated to hosttech.
Network Security
Similar to the security of our physical network, the majority of our virtual network security is handled by hosttech. hosttech provides fully isolated environments in which we deploy our applications.
In addition to the security measures described above, Easynav.xyz gmbh implements various other best practice measures to further ensure the security of your data:
Change control
We capture all configurations in code to ensure visibility into underlying network and infrastructure changes. These configurations are kept in version control, and all changes are tested for security, scalability, and durability before deployment. We also thoroughly test all changes in a dedicated staging environment before deploying them to the production environment.
Server security
Security patching
Easynav.xyz gmbh servers are automatically and continuously patched with the latest security updates. This ensures that we can minimize our exposure to known vulnerabilities.
Application security
Change control
Since this is a web application, code changes are made and deployed continuously. Updating to the latest version requires nothing more than updating the browser.
Design and development
New features and changes are carefully planned and designed. After approval, development begins and all code is checked into version control.
Review
All code changes are peer reviewed for quality, performance and correctness. The code is also reviewed from a security perspective.
After publication
Feedback and bug reports are collected from customers, and changes and corrections are made as necessary.
Authentication and authorization
Passwords
The main registration method of Easynav.xyz is by mobile phone number and OTP code.
Email address and password are used only for registration. Your password will never be stored in plain text.
If you forget your password, you can reset it by providing the email address associated with your account. A link with a cryptographic token will be sent to the specified address, which you can use to reset your password.
Multi-factor authentication (MFA)
MFA is mandatory for registration. This applies to the phone number and e-mail address.
Cookies
Once a user is logged in, Easynav.xyz gmbh stores session tokens as secure, HTTP-only cookies in the user’s browser to identify them as authorized to access the site. This is further protected by the use of CSRF (Cross-Site Request Forgery) tokens and strict CORS policies to prevent cross-domain requests and unauthorized use of the cookie. Cookies expire after two weeks, which means that users are automatically logged out.
Data Sanitization
Data entered by users can be stored in a database and rendered again in the browser. This can open the possibility of SQL injection and cross-site scripting (XSS) attacks. All data entered into databases or rendered in HTML is sanitized accordingly.
Logging and monitoring
To create an audit trail and enable quick investigation of potential threats or issues, all requests to Easynav.xyz services are securely logged, and the logs contain enough information to reconstruct events.
Information that may be logged includes IP addresses, request headers, request payloads, device information, status codes, response times, and failed login attempts. We never log confidential or sensitive data. All logs are retained and backed up for the duration of their usefulness. In addition, error rates and performance metrics are constantly monitored to ensure you have the best end-user experience possible.
Availability
This is supported by service level agreements that ensure uptime. Nevertheless, downtime may occur in exceptional cases.
For this reason, we have designed all our services to be highly available and fail-safe. All hosts and applications are constantly monitored for availability. Should a failure occur, an automatic fallback is initiated. This strategy mitigates both instance-level and data center-level failures.
In addition, the services that make up the application are monitored with an external tool that checks uptime from multiple locations around the world. If an outage occurs, a technical staff member is immediately notified and, depending on the severity of the outage, a solution is found as soon as possible. Easynav.xyz gmbh strives to maintain an annual uptime of 99%.
Scalability
From the beginning, we designed the Easynav.xyz Platform to meet the big data requirements associated with processing, hosting, analyzing and delivering survey data around the world.
Information Security
Easynav.xyz gmbh classifies all information submitted by users as confidential and important. We use several methods to ensure that customer data is available and secure at all times:
Data storage and transmission
All data transmitted to and from the Easynav.xyz platform is encrypted and sent over HTTPS using TLSv1 or higher with a 128-bit or stronger cipher, depending on the client. All internal data transfers between Easynav.xyz services are also protected by encryption.
After transmission, all data is stored securely. The databases are also password protected and access is only possible from IP addresses that are on the whitelist. Access and permissions to modify or delete data are delegated only when necessary and according to the principle of least privilege.
All data to be processed or displayed is stored in Switzerland.
Privacy
Easynav.xyz gmbh complies with all local data protection laws, including the General Data Protection Regulation (GDPR), and is committed to keeping your personal data safe and secure. For more information, please see our Privacy Policy.
Data breaches
In the event of unauthorized access to your data, we will notify you as soon as possible after becoming aware of the problem.
Any questions? Please contact info@easynav.xyz for more information.