
Security Statement

Infrastructure and Data Storage

  1. All of Sophare’s applications are hosted on Amazon Web Services (AWS), in the Europe eu-west-2 datacenter.
  2. All data access through Sophare applications requires AWS Cognito authentication. Direct data access is restricted to Sophare administrators.
  3. Access to edit company data is restricted to named individuals only.
  4. All AWS components use IAM roles and fine-grained least-privilege-access custom IAM policies to access AWS resources.
  5. Administrative access to the AWS account is only permitted via a two-factor authenticated login held by the two Sophare Founders.
  6. User authentication is provided through AWS Cognito for social identity providers and enterprise identity providers. Multi-factor authentication (MFA) can be enabled upon request. For information about AWS Cognito, please refer to https://aws.amazon.com/cognito/details/.
  7. Data storage is multi-tenant within Sophare. Sophare does not share data storage resources with any other company.

Data Storage

  1. Data is stored with encryption at rest following best practice.
  2. When selecting desired fields as part of adding a new data source, the data is only stored in memory on the client side. Once sensitive/undesired data has been deselected, the data is persisted in storage on AWS. As such, you can choose for sensitive data to never be stored on Sophare servers.
  3. If you decide to terminate your relationship with Sophare, your data and settings will be retained for up to 3 months. After this period, your data and settings will be permanently deleted and cannot be recovered. If you prefer to have your data deleted immediately upon termination, please inform us, and we will fulfill your request.

Application Security

  1. TLS/SSL (HTTPS) is mandatory for all web requests made to Sophare. Certificates are managed by Amazon’s Certificate Management service, and rotated and updated yearly.
  2. As best practice, Sophare uses AWS Cognito to manage authentication. We recommend our customers use two-factor authentication, particularly on the management application.

Data Sharing

  1. Sophare does not share your data with third parties except at your explicit request.
  2. Sophare might provide anonymous, aggregated network insights to our members. When Sophare provides this service, individual or company-specific information will never be shared. You will be notified and given the choice to opt out of being included in the aggregated data.

Breach Notification

  1. In order to protect you and your information, Sophare may suspend your use of our applications without notice, pending an investigation, if any security breach is suspected.
  2. Sophare will promptly notify affected customers of any data breaches once the extent of the breach is understood, but no later than 72 hours.
  3. Sophare conducts postmortem procedures for security or system failures and shares the findings with customers.