Security Statement

Security is very important to us, and here is a summary of what we do to guarantee that your data is safe with d!nk and that we apply the best practices to keep the applications and data secure.

1. Information Security program

d!nk maintains an information security program focused on the security and integrity of customer data. The information security program includes administrative, technical, and operational controls appropriate for the size of its business and the types of information it processes.

Monitoring
d!nk monitors its systems by logging security-related events, alerting on suspicious activity, and conducting further analysis on suspicious activity.

Logical Access Control
Access to customer data is restricted based on the least privilege principle; access is issued via a documented access authorization process. Access is revoked as soon as the right of access is no longer required.

Personnel Security
d!nk ensures it hires skilled professionals who follow the d!nk security and data privacy training and sign a confidentiality agreement, acceptable use of information systems agreement, and code of conduct. Personnel transfers result in access management changes based on least privilege and role.

Incident Management
d!nk maintains an information security incident management program that provides timely response and notification as appropriate to security incidents in order to protect customer information appropriate for the size of its business.

Data Deletion
Customer Data will generally be deleted upon the Data Controller’s request. This is subject to applicable legal requirements. Backups will be kept for at least 6 months.

Business continuity policy
All d!nk-owned information is stored in cloud SaaS systems where information is duplicated on many sites by data processors. In case the system of a data processor becomes unavailable, users can still use the d!nk application, which is available offline. All data are then stored on the user device, waiting for a new connection with the system. For restoring data, the d!nk team ensures a sane backup-recovery policy.

2. Software Security

Software release process
Thanks to the SaaS architecture, there is one single version of d!nk cloud infrastructure. We maintain no more than 3 versions of the app on user devices.
The agile development process (specification – development – test – documentation) is structured for a bi-weekly cycle for minor releases and a quarterly cycle for major releases.
The process involves all stakeholders of the company, supported by the latest tools (Jira/Atlassian for feature and bug tracking, GitHub for source versioning).

Password Security
User passwords are protected with industry-standard encryption. We recommend activating 2-step verification. d!nk staff do not have access to user passwords. Login credentials are always transmitted securely over HTTPS.

Employee Access
Qualified d!nk support staff may sign into your enterprise account to access settings related to your support issue (using special staff authorization, not with your password). We do our best to respect your privacy as much as possible; we only access files and settings needed to diagnose and resolve your issue.

Physical Security
The data and applications are hosted on the Microsoft Azure cloud and Amazon Web Services, all hosted in the EU. These platforms are compliant with the most stringent security standards.

OWASP Top 10
We validated our application against the OWASP Top 10.

Encryption
Content is stored using FIPS 140-2 compliant encryption.

Network security
d!nk has implemented firewall, intrusion detection and antivirus security controls to protect customer data from loss or unauthorized disclosure.

Backups and Disaster recovery
We implement daily backups of the filesystems which can be redeployed in case of disaster.

Communications
All web connections to client instances are protected with state-of-the-art SSL encryption.

3. Data Privacy

According to the terminology described in the European Data Protection Directive 95/46/EC and the GDPR, d!nk NV has the role of Data Processor while the enterprise has the role of Data Controller. d!nk’s data privacy policy ensures compliance with the GDPR regulation.

d!nk has data processing agreements in place with subprocessors Google Cloud Platform and AWS.

Model clauses in the contracts with the d!nk data processors assure handling of data compliant with the EC Data Protection Directive.