Personal data security policy

Data hosting in France

BeesApps is a 100% French company not subject to the US Patriot Act, meaning that all data stored in its database cannot be reused by other companies in France or abroad. No personal information of the user of the www.beesy.me service is published without his or her knowledge, exchanged, transferred, assigned or sold on any medium whatsoever to third parties. For more information, see the general conditions of use of the Beesy.me service as well as its privacy policy.

The location of our data centers in France guarantees our users the confidentiality and security of personal data in accordance with the GDPR, for more information see our GDPR policy.

Beesy.me is a service in SaaS mode, the hosting is provided by a French host and physically located in metropolitan France. These data centers are approved and benefit from a highly secure physical access.

Protection against data loss

Data loss prevention (DLP) is an important topic at BeesApps because we care about protecting all our customers’ data. With data protection strategies, we enable our users to avoid accidental disclosure of their data and the leakage or loss of information.  

Sauvegarde

  • Daily backup on storage servers equipped with RAID 1: data is duplicated on 2 different disks, which means that if one of the 2 disks stops working, the second one takes over and your data is not lost. This is to guarantee data security. 

  • High Availability Cluster Architecture: the goal is to ensure our users a quality service by avoiding service unavailability as much as possible.

  • CDN (Content Delivery Network): this type of system increases the speed of the website to ensure that visitors wait as little as possible to see a page appear.

  • Export in xls / csv (spreadsheet type files) in the application: you can export your data at any time

  • On terminal equipment: incremental object-by-object synchronization, i.e. backup after modification of a file and complete resynchronization in the event of loss or theft to ensure maximum security for your personal data by automatically synchronizing them on our servers.

  • Soft deletion management: permanent possibility to go backwards

Monitoring

  • Monitoring and alarm system on servers: this system makes it possible to detect the risks of incidents in real time and to know the state of health of the network and servers for data security and to provide the best possible service.

  • 99.99% SLA on our servers: guaranteeing continuity of IT service as well as high-quality performance and availability

  • On-site intervention 1h: in case of service malfunctioning

  • Procedure for restoring data

~

Intrusion protection

With the massive use of email in strategic corporate communications and exchanges in the different tools of the company, a lot of sensitive data circulates every day. To protect this data and its compliance without reducing the productivity of our users, we do everything possible to simplify the management of sensitive data.

Physical

  • RFID badge identification: access control to server storage rooms for professional use

  • Facial recognition

  • 24/24 7/7 Physical security personnel & APSAD R81: installation allowing automatic intrusion detection in the areas to be monitored

  • Secure racks: the storage and warehousing of servers containing personal data are secured so that they are not subject to any inconvenience (falling pallets, collapse of the structure)

  • BeesApps and Beesy.me servers are physical servers and not on an outsourced cloud offer: a physical server such as the BeesApps server is accessible only by the person who owns the server, whereas a virtual server (cloud) is accessible by several people and is less efficient.

Authentification and encryption

  • SSL via 2048 bit GlobalSign – Secure communication protocol to provide platform users with a secure connection

  • Clustering of authentication data via Oauth 2.0: method of data analysis and protection to allow access to the data only by authorized people

  • Remote access > SSH via VPN only, use of a 2048-bit private key: secure connection protocol (SSH) via a virtual private network (VPN) and use of an encryption key whose protection can be measured by the length of the key here 2048 bits (high level of security).

Security

  • DDOS & DOS protection through an outsourced service that is recognized in the field: protection against computer attacks aimed at making the service unavailable to the users.

  • Firewall administered by BeesApps: The Firewall, or firewall, guarantees the security of a network’s data.

  • Specific administrative rules, intrusion detection system: allows to deny access to a person trying to connect to the service to harm it.

  • Intrusion – exponential ban against: port scanning, brute force attacks on passwords and any attack that generates events in logs

  • Password protection: like other important data in the Beesy.me service, passwords are of course encrypted.

Autorization

  • Password change via email only with security based on a limited lifetime token: the token allows the user to log in to the service for a specific period of time

  • Account revocation: allows you to remove access to an account but also to the various devices connected to it centrally

Quality Assurance

Quality Assurance verifies that a product or service conforms to specific requirements.

  • Security audit with different pentest solutions: the method consists in analyzing the infrastructure of a computer network in order to simulate the attack of a malicious user or even malicious software. We regularly test our solution with different tools

  • Security testing unit via our software development solution: we test the different models of our code with our development tools in order to always guarantee a level of security “by design”.

Monitoring et Logs

  • Login logs for 1 year for users and admins: we keep a record of the dates and traces of connection to the various accounts of the Beesy.me service.

  • Management of access logs by device for each user account: the logs are divided by device for more accuracy.

  • Login error alarms: An alarm is triggered when a user tries to log in several times without succeeding. His IP address will be banned after a certain number of attempts.

If you have any questions, please do not hesitate to contact us at [email protected]

Personal data security policy - Beesy

You can also create an account to test our solution for 1 month for free!


Contacteznotre équipe commerciale