ProspectSafari Security Policy
We take the security of the data we manage very seriously. Here are some of the steps we take to ensure we keep this data safe.
- We systematically use HTTPS on ProspectSafari.com and any of ProspectSafari’s subdomains. Any HTTP connection is redirected to its secured counterpart.
- We have a strict and systematic HSTS policy with preload for all our subdomains. This ensures most clients (in particular browsers) will systematically connect using encrypted methods.
- Backups are either encrypted themselves or on encrypted disks.
- Datacenters selected to host ProspectSafari’s services are all situated within the EU and are ISO 27001 certified.
- Datacenters have 24/7 surveillance teams with fencing and strict security procedures.
- Any data stored outside of a datacenter for off-site backups is stored on encrypted drives using state-of-the-art technologies.
General Data Protection Regulation (GDPR)
- ProspectSafari services are fully compliant with GDPR legislation.
- All customer data is stored in Germany in compliance with GDPR requirements.
- A Web Application Firewall is set up to filter incoming requests trying to compromise the service.
- A firewall is systematically used on ProspectSafari’s servers to prevent access from non-approved IP addresses.
- Critical admin interfaces are protected using at least double-authentication.
- Our software infrastructure is regularly updated using automatic update mechanisms when possible.
- Encrypted messaging systems are available to ProspectSafari’s employees and contractors, and used for most communications.
Debit / Credit Card Information
- ProspectSafari does not store any credit card information (except non-usable information to ease customer support, for example, the last four digits of the card).
- The provider handling all the card details is certified as a PCI Level 1 Service Provider, the most stringent level of certification available in the payments industry.