Ensuring Data Safety & Security at All Times

We comprehend the significance of safeguarding your data and consider it a crucial aspect of our responsibilities.

Always Working To Meet Compliance Standards

Our systems undergo continuous internal assessments to maintain optimal performance and meet industry standards. We undergo regular penetration testing and audits to maintain our industry certifications and maintain a leading position in best practices.

Guaranteed Uptime

We have implemented redundancies throughout our operations to ensure a contractual obligation of 99.9% uptime. In case of any variations in our system's functioning, our staff is immediately notified.

Prioritizing Security

All our products are compliant with ISO 27001:2013 security standards, incorporating the best practices and highest benchmarks in the industry. Our methods are continually reviewed and improved, with robust encryption routines in place. The data in our system belongs to you and is never handled or shared without your consent.

Certified for your Peace of Mind

We reinforce our security commitments by meeting the highest standards in the industry, including ISO 27001:2013, GDPR Compliance, AWS Certification, and undergoing regular external penetration tests based on OWASP recommendations.

AWS certification
OWASP certification
ISO certification

Do you want to learn more about our security standards?

Download our Security White Paper

Singu Security Protocols

Here's how we guarantee the safety and security.

Application

We prioritize robust security measures throughout our app design. All communications are encrypted with the HTTP protocol, and our in-app databases are secured with encryption and privilege verifications for all requests. The security of user data and the ability for administrators to retain control are at the core of our system.

Ongoing Procedures

System logs are constantly monitored by the Velis Support team, who take the necessary immediate steps. We have contracted an external company to conduct regular penetration tests using the OWASP Top 10 detection methodology. Automated tests are conducted on source code updates to ensure that standards are upheld and any bugs are identified.

Authentication

The system requires that passwords be at least 8 characters long, expire after 30 days, contain a combination of upper and lowercase letters, one digit, and one special character. Login attempts are limited to five before the account is locked, and an administrator must intervene to unlock it. All passwords are encrypted via the Blowfish block cipher algorithm.

Audits

Velis has been adhering to the ISO 27001:2013 standard since 2014, a globally renowned benchmark for information security management systems. We are compliant with a variety of distinct security elements that include hardware acquisition, software development, web hosting services, network building and upkeep, and other IT services. Both internal and external auditors are integrated into our security framework.

Data Protection

We safeguard your data by backing it up daily with a 3-day window for file retrieval and the option of hourly backups and up to 60-day full recovery. All of this is done via external servers that are encrypted to keep your information secure.

Would You like to Know More about Our Security Protocols and Reliability?

FAQ

Where is data physically stored?

This depends on your selected hosting option. With standard hosting it is at Warsaw Atman (main server room) and OVH in France (backup). In the case of AWS (Amazon Web Services), the location is arranged based on a variety of factors (with Frankfurt being the default).

How secure is the data centre?

The data centre is ISO 27001 certified. It includes:
· Professional Power Supply — UPS system with a total power of 8580 kVA and five 26 MW independent medium voltage lines.

· Cooling — Air conditioners operating with N + 1 redundancy.

· Fire Detection System — Optical-temperature sensors and early smoke detection system, independent fire zones, and 120-minute fire resistance.

· Fire Extinguishing System — Gas extinguishing systems by Inergen and Argonite.

· Security — CCTV system inside and outside facility, access control based on proximity cards (with customised PIN, biometrics, and locks on request), burglary and panic attack system with automatic notification of external intervention group, and security personnel monitoring property 24/7.

How secure is the software where the guest data is stored?

The software uses security best practices, including:

· Data encryption — All data between your browser and the system is encrypted using the SSL standard.

· Privilege matrix — Use our ACL (access control list) module to assign and revoke privileges of users.

· OWASP Top 10 and ASVS (Application Security Verification Standard Project) standards.

· Internal and external security audits.

Who is the owner of the data in the system?

You remain the sole owner of all data stored in the system.

Is Velis authorized to use the data stored in the system?

No, we cannot use your data for any purpose not directly related to our contract (e.g. providing technical support).

Who administrates personal data?

You remain the sole administrator of all personal data stored in the system.

Can you export data stored in the system?

Yes, you can use built-in export options to extract data (e.g., into MS Excel format). You can ask us to develop additional exportable reports that match your needs.

What happens to data after the termination of the contract?

We will ask you what to do with the data. We can destroy it or export it to various formats, including storage on an external device (USB, hard drive, etc.).