Flowzone (“The Service”) uses industry-accepted encryption methods and products to protect Customer Personal Data and communications during transmissions between a customer's network and The Service including encryption for data in transit over public networks and encryption for data at rest.
1. Encryption in Transit
All data transferred over public networks is encrypted via HTTPS/Transport Layer Security (TLS).
2. Encryption at Rest
Data at rest is encrypted using at least AES-256 or higher levels of encryption. Flow Technologies shall not make copies of Customer Personal Data unless it is reasonably necessary to provide The Service and for backup purposes.
Flow Technologies follows the “Principle of Least Privilege”, with the intent of reducing access and only allowing employees access to the tools, systems, and data they need to perform their job. Access to production systems are role-based, centralised, auditable, and regularly reviewed.
The end user has access to choose between BankID (Norway) or a combination of email and password as authentication. Flow Technologies recommends that the user secures an account using BankID, which is approved according to the EU standard eIDAS and based on two-factor authentication.
Flow Technologies will monitor Flowzone for unauthorised intrusions using log-based intrusion detection mechanisms. In addition to documenting what resources were accessed, the audit log entries include destination and source addresses, a timestamp and information about which changes were made in the system and by who.
Flow Technologies maintains security incident management policies and procedures. Flow Technologies will promptly notify affected Customer(s) in the event we become aware of an actual or reasonably suspected unauthorised disclosure of Customer Personal Data.
Flow Technologies will backup critical data at least once per day at a different physical location than the primary servers. All backups are stored within the EU and encrypted at the storage level using AES. The backup can ensure rapid disaster recovery and service restoration across different geographical locations.
Maintaining data security is a matter of preparation but also of consistency. Flow Technologies has a monthly meeting to review security measures with the team. This helps make sure that everyone on the team is aware of and implementing critical data security measures and making sure that they are doing the preparation needed to avoid, or mitigate, security risks.