Security Best Practices
Automaited takes information security very seriously and is dedicated to its continual improvement.
Compliance at automaited
automaited takes compliance seriously and understands its significance to both customers and partners. For this reason, we have installed an external auditor and consultancy to obtain independent third-party certification. The reports can be shared upon request. We employ the services of intersoft consulting services AG, one of the leading consultancies in Germany for the digital economy.
GDPR
automaited complies with the essential requirements of the EU GDPR, ensuring data protection is by-design and always-on across our application, infrastructure, and organization.
Data Access Control
A subset of automaited's staff has access to data via a controlled interface. This access exists so that staff can provide effective customer support, troubleshoot potential problems, detect and respond to security incidents, and implement data security.
Authentication
Users sign in through SSO with a Google account or with their company email address. Users will automatically be logged out after a defined retention time.
Encryption
We use encryption methods endorsed by the BSI, including 256-bit AES encryption for data at rest. Network communication is protected with TLS 1.2 to encrypt data in transit.
Change Management
- Founder code reviews: all code is reviewed by several people (always including one tech founder) before being released, whether it’s a new feature or a bug fix. Security reviews are performed by the founding tech team for every release.
- Code is audited for security regularly.
- Continuous integration and delivery: we use GitLab for our CI tooling. Every PR that is merged is automatically subjected to a pipeline of rigorous tests and analysis as appropriate for the code that is being merged.
- We test every release via a robust testing setup.
- Regular penetration testing.
Cloud Security
automaited hosts its servers in Frankfurt (Germany) and utilizes Amazon Web Services (AWS) as its cloud service provider. We also leverage AWS' security and compliance controls for data center physical security and cloud infrastructure. Further resources for this service provider can be found on the AWS Security Cloud website.
Monitoring & Logging
automaited maintains a comprehensive log of all user and automaited assistant activities. This data is used for troubleshooting and support. It is only stored as long as the purpose requires it.
External Penetration Testing
automaited undergoes an external penetration test by an independent third party on an annual cadence, at minimum.
Security Policies
automaited actively maintains a collection of data security and privacy policies which keep our customers top of mind. We live and breathe these policies to make sure our customers' data is protected and secure.
These policies are shared with each and every staff member who joins automaited and are updated regularly. Collectively, they ensure automaited holds itself to the highest standards, such as the EU’s General Data Protection Regulation (GDPR).
Examples of existing policies: Data Protection Policy, Bring Your Own Device (BYOD), Remote Work Policy, ...
If you have any feedback or questions, please reach out to contact@automaited.com.