Data security

The security of your customer’s data is of great importance to us. This document gives an overview of the technical and organisational measures we have implemented to keep this data safe.

General data security

All our employees are regularly trained in security practices. We use various industry-standard technologies and services to secure your data from unauthorised access, disclosure, use, and loss. Security is directed by Spotler Connect’s Head of Engineering and maintained by Spotler Connect’s Security and operations team.

Data storage

Our databases and applications are hosted in AWS data centres in Frankfurt, Germany. These data centres pass strict safety requirements and certifications, such as ISO 27001, ISO 27017, and ISO 27018, and are also GDPR-compliant.

Encryption

We encrypt data whenever possible, both while it is transported using industry-standard TLS and stored. The disks in data centres are all encrypted at rest via Customer Managed. We use modern TLS implementations and strong cypher choices such as SHA512.

Payment information

Spotler Connect’s Payment method and SEPA direct debit are handled by Mollie, which has been audited by an independent PCI Qualified Security Assessor and is certified as a PCI Level 1 service provider, the most stringent level of certification available in the payments industry. Spotler Connect does not typically receive credit card data in most situations, making it compliant with Payment Card Industry Data Security Standards (PCI DSS).

Data replication

To ensure the safety and consistency of your data, we regularly back up your data. Our application is cloud-based and can be maintained from any infrastructure.

Data consistency

We take great care not to lose your order data or any products. This is why we are strict about data consistency. We enforce this with stable, mature relational database technology and a strongly typed data model.

Anonymisation

By default, Spotler Connect automatically anonymises any of your customer’s data that has been stale for 365 days. Spotler Connect will only retain certain fundamental information to ensure that processes can be performed optimally now and in the future.

Auditability

Application monitoring platforms log and track actions within our tool, as described in our list of subprocessors. We also keep detailed statistics about the performance of our infrastructure. Found a problem? Please get in touch with us as soon as possible at support@spotler.com.

Go to top