Data Security Policy

Security Overview

We know your data is extremely important to you and your business, and we make it our priority to protect it.

Need to report a security vulnerability?

Please contact us for information about our responsible disclosure process and to submit a vulnerability report.

Security Layers

Physical Security

We partner with trusted enterprise cloud providers and rely on their measures in facilitating physical security.

System Security

• System installation using up-to-date OS
• Dedicated firewall and VPN services to help block unauthorized access
• Systems access logged and tracked for auditing purposes
• Secure document-destruction policies for all sensitive information
• Fully documented change-management procedures

Employee access

No Simreka employees ever access private data unless required so for support reasons. Employees working directly in the file store may access the encrypted data, however, it is never accessing plain text files as it would be in your local system.

The support team may sign into your account to access settings related to your support issue. In rare cases Employees may need to copy your data, this will only be done with your consent. Support Employees does not have direct access to copy your data, they will need to temporarily elevate their permissions to access your account. We keep track of all such events. When working on a support issue we do our best to respect your privacy as much as possible, we only access the files and settings needed to resolve your issue. All copied data is deleted as soon as the support issue has been resolved.

Software Security

Specific security policies employed within our platform are summarized in security policies page. Cloud-computing related threats and our means of mitigation are discussed here.

Data Backups

All data we store is saved on a minimum of three different servers, including a block storage backup. We retroactively remove data from backups when deleted by the user after a grace period, as we may need to restore the repository for the user if it was removed accidentally. We encrypt all data on disk and in the transfer.

On-premises deployment

We are aware that some companies are still not comfortable hosting data on any third-party-owned hardware. We can suggest private deployment options in this case.