Why Digitoo

Security First: Data Protection and Reliability with Digitoo


Encrypted Communication


All communication that leaves our virtual private network on the Azure platform is protected by TLS. Communication between our users and the server is encrypted using HTTPS, and SSH is used for service operations.


By default, Microsoft manages the keys that protect your data. Customer data stored on physical media is always encrypted using encryption protocols compliant with the FIPS 140-2 standard. Customers can enhance data protection by using customer-managed keys (CMK), double encryption, or hardware security modules (HSM).


All data transfer between data centers is protected using IEEE 802.1AE MAC security (MACsec), which guards against physical man-in-the-middle attacks. To ensure resilience, Microsoft uses various network paths, at times crossing geographical boundaries, but customer data replication across regions always occurs over encrypted network connections.


To minimize the risk of personal data breaches, Microsoft generates pseudonymous identifiers, enabling the offering of global cloud services (including service operation and improvement, billing, and fraud protection). Pseudonymous identifiers cannot directly identify individuals, and access to customer data identifying individuals is always protected as described above.


Protection of Our Data


We protect our company data in accordance with OWASP security standards. All Digitoo employees and partners are bound by confidentiality and data security agreements.


Access to our internal systems is secured with two-factor authentication (2FA). We use shared password management software for passwords and secrets. All system access is remotely controlled and monitored.


Retention of Unnecessary Data


By default, we retain data that is no longer needed for processing for 10 years. Such data is used solely to improve our data mining, and to train and optimize our algorithms. Upon customer request, data can be deleted at any time.


Data Access


All access to user data is restricted by authorization. Each user authenticates with a unique username and password. Passwords are required to meet recommended complexity standards (OWASP), and we ensure they do not match usernames. All passwords are salted and hashed according to industry standards.
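As an added illustration of the password handling described above (example code, not Digitoo's implementation), the block below applies a simple OWASP-style policy, including the rule that a password must not match the username, and then stores the password as a random-salted scrypt hash and verifies it in constant time. The minimum/maximum length, the scrypt cost parameters, and the small common-password list are assumptions chosen for the example.

```python
import hashlib
import hmac
import secrets

# Policy parameters: assumptions for this example, not Digitoo's actual settings.
MIN_LENGTH = 8
MAX_LENGTH = 64
# Constructed sample of commonly breached passwords; a real deployment would
# check against a large breach corpus rather than this toy list.
COMMON_PASSWORDS = {"password", "12345678", "qwerty123", "letmein1"}

# scrypt cost parameters (assumption): 128 * N * r * p bytes = 16 MiB of memory.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1
DKLEN = 32


def check_password_policy(username: str, password: str) -> list[str]:
    """Return the list of policy violations; an empty list means the password is acceptable."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if len(password) > MAX_LENGTH:
        problems.append(f"longer than {MAX_LENGTH} characters")
    if password.lower() == username.lower():
        problems.append("matches the username")
    elif username and username.lower() in password.lower():
        problems.append("contains the username")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears on the common-password list")
    return problems


def hash_password(password: str) -> str:
    """Hash with a fresh 16-byte random salt; the stored string carries the parameters."""
    salt = secrets.token_bytes(16)
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                            n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=DKLEN)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash from the stored salt/parameters and compare in constant time."""
    try:
        algo, n, r, p, salt_hex, digest_hex = stored.split("$")
        salt, expected = bytes.fromhex(salt_hex), bytes.fromhex(digest_hex)
    except ValueError:
        return False  # malformed record: never a match
    if algo != "scrypt":
        return False
    candidate = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                               n=int(n), r=int(r), p=int(p), dklen=len(expected))
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    user, pw = "alice", "correct horse battery staple"
    print("policy violations:", check_password_policy(user, pw))
    record = hash_password(pw)
    print("stored record:", record)
    print("verify correct:", verify_password(pw, record))
    print("verify wrong:  ", verify_password("alice", record))
```

Because the salt and cost parameters travel with the stored record, the parameters can be raised later and old records re-hashed on the user's next successful login; `hmac.compare_digest` avoids leaking how many leading bytes of the hash matched.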


Communication between Digitoo and ERP systems takes place through integration agents. These agents use authorization tokens that grant only limited data access. Each access is monitored, and tokens can be deactivated instantly.


Data Storage


All data is stored on Microsoft Azure, a well-known hosting and cloud service provider that complies with the highest security standards.


For disaster recovery, we maintain a backup system with a 30-day data retention period. We also use so-called 'soft delete,' which lets us manage deleted data safely: deleted items remain recoverable for a defined period before they are permanently removed.
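To make the soft-delete idea concrete, here is an added example (not Digitoo's code) of a minimal store in which a delete only marks a record with a timestamp, hides it from normal reads, allows it to be restored within the retention window, and purges it for good only once the window has passed. The 30-day window is taken from the text above; the record layout, the `now` parameter used to make time explicit, and the sample invoice data are assumptions for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Retention window for soft-deleted records (30 days, as stated on the page).
RETENTION = timedelta(days=30)


@dataclass
class Record:
    record_id: str
    payload: dict
    deleted_at: Optional[datetime] = None  # None means the record is live


class SoftDeleteStore:
    """In-memory store with soft delete, restore and time-based purge."""

    def __init__(self) -> None:
        self._rows: dict[str, Record] = {}

    def put(self, record_id: str, payload: dict) -> None:
        self._rows[record_id] = Record(record_id, payload)

    def get(self, record_id: str) -> Optional[dict]:
        """Normal reads never see soft-deleted rows."""
        row = self._rows.get(record_id)
        if row is None or row.deleted_at is not None:
            return None
        return row.payload

    def delete(self, record_id: str, now: datetime) -> bool:
        """Mark the row deleted; returns False if it is missing or already deleted."""
        row = self._rows.get(record_id)
        if row is None or row.deleted_at is not None:
            return False
        row.deleted_at = now
        return True

    def restore(self, record_id: str, now: datetime) -> bool:
        """Undo a delete, but only while the retention window is still open."""
        row = self._rows.get(record_id)
        if row is None or row.deleted_at is None:
            return False
        if now - row.deleted_at >= RETENTION:
            return False  # window closed: the row is due for purge, not restore
        row.deleted_at = None
        return True

    def purge_expired(self, now: datetime) -> list[str]:
        """Permanently remove rows whose retention window has elapsed; returns their ids."""
        expired = [rid for rid, row in self._rows.items()
                   if row.deleted_at is not None and now - row.deleted_at >= RETENTION]
        for rid in expired:
            del self._rows[rid]
        return expired


def demo() -> dict:
    """Walk one constructed invoice through delete, restore and purge."""
    t0 = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed reference time
    store = SoftDeleteStore()
    store.put("inv-1", {"supplier": "Example s.r.o.", "total": 1200.0})  # constructed sample
    result = {}
    result["deleted"] = store.delete("inv-1", t0)
    result["hidden_after_delete"] = store.get("inv-1") is None
    result["restored_day_10"] = store.restore("inv-1", t0 + timedelta(days=10))
    result["visible_after_restore"] = store.get("inv-1") is not None
    store.delete("inv-1", t0)
    result["restore_day_31"] = store.restore("inv-1", t0 + timedelta(days=31))
    result["purged"] = store.purge_expired(t0 + timedelta(days=31))
    result["gone"] = store.get("inv-1") is None
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Passing `now` explicitly rather than calling the clock inside the store keeps the retention logic deterministic and testable; in production the purge would run as a scheduled job and the timestamps would be stored alongside the data in the database or blob store.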


The Microsoft Azure service allows you to specify the region where customer data will be stored and processed. Microsoft may replicate customer data to additional regions for resilience purposes, but it will not store or process the data outside the designated geographic area.


Digitoo has restricted the data's geographic region to Europe. Without our authorization, Microsoft will not store or process your data outside the designated geographic area, in this case, Europe.


General Data Access


Our goal at Digitoo is to automate and digitize accounting. Because accounting involves highly sensitive data, we handle it with great care. Every access is in accordance with EU laws, including GDPR.


Data Processing


We continuously improve our data mining algorithms. To do this, we require a sufficient sample of accounting documents, which we use for training and gradual improvement. We use user documents for the duration of the Data Processing Agreement for this purpose.


Secure Code


During the development of our product, we follow OWASP recommendations. All code undergoes team peer review. We use automated tools for vulnerability detection and regularly update software. Code quality is continuously monitored by third-party tools. Our product is covered by unit and integration tests and is manually tested.


If you have any questions, please feel free to contact us at [email protected].
