
Security Policy

ProspectSafari Security Policy

We take the security of the data we manage very seriously. Here are some of the steps we take to ensure we keep this data safe.

Data Encryption

  • We systematically use HTTPS on ProspectSafari.com and all of ProspectSafari’s subdomains. Any connection over HTTP is redirected to its secured counterpart.
  • We have a strict and systematic HSTS policy with preload for all our subdomains. This ensures most clients (in particular browsers) will systematically connect using encrypted methods.
  • Backups are either encrypted themselves or on encrypted disks.

Physical Security

  • Datacenters selected to host ProspectSafari’s services are all situated within the EU and are ISO 27001 certified.
  • Datacenters have 24/7 surveillance teams with fencing and strict security procedures.
  • Any data stored outside of a datacenter for off-site backups is stored on encrypted drives using state-of-the-art technologies.

General Data Protection Regulation (GDPR)

  • ProspectSafari services are fully compliant with GDPR legislation.
  • Our Terms of Service include our comprehensive Privacy Policy and Data Processing Agreement in line with GDPR and other applicable data protection laws.
  • All customer data is stored in Germany in compliance with GDPR requirements.

Software

  • A Web Application Firewall is set up to filter incoming requests trying to compromise the service.
  • A firewall is systematically used on ProspectSafari’s servers to prevent access from non-approved IP addresses.
  • Critical admin interfaces are protected using at least double-authentication.
  • Our software infrastructure is regularly updated using automatic update mechanisms when possible.
  • Encrypted messaging systems are available to ProspectSafari’s employees and contractors, and used for most communications.

Debit / Credit Card Information

  • ProspectSafari does not store any credit card information (except non-usable information to ease customer support, for example, the last four digits of the card).
  • The provider handling all the card details is certified as a PCI Level 1 Service Provider, the most stringent level of certification available in the payments industry.