Security Overview
How we protect your data
Keeping your data safe and secure is a huge responsibility. Here's how we take care of it.
Data Protection & Backup
- All data is written to multiple disks instantly and backed up daily.
- Backups are stored in multiple geographic locations.
- Database backups are encrypted using industry-standard GPG encryption.
- We perform regular backup restoration tests to ensure data recoverability.
Encryption
- In Transit: All data transmitted between you and our servers uses HTTPS with TLS 1.3 encryption.
- At Rest: Uploaded files and sensitive data are encrypted at rest.
- Passwords: User passwords are hashed using bcrypt with a high cost factor.
Infrastructure
- Our infrastructure is hosted in EU data centers with ISO 27001 certification.
- Full redundancy across power supplies, network connections, and climate control.
- 24/7 on-site security with biometric access controls and surveillance.
- Regular security patches and updates applied to all systems.
Payment Security
- All payment processing is handled by Stripe, a PCI-DSS Level 1 certified provider.
- We never store complete credit card numbers on our servers.
- Payment data is transmitted using bank-level encryption.
Access Controls
- Employee access to customer data is strictly limited and logged.
- We maintain audit logs of all data access by our team.
- Unauthorized access to customer data is grounds for immediate termination.
- We use multi-factor authentication for all internal systems.
Incident Response
- We have a dedicated security team monitoring for malicious activity.
- In case of a data breach, we commit to notifying affected customers within 72 hours.
- We maintain an incident response plan that is regularly tested and updated.
Report a Security Issue
If you discover a security vulnerability, please report it to security@practiso.io. We appreciate responsible disclosure and will acknowledge your report within 48 hours.