Connexa has taken security very seriously,
Any personal data provided and managed within Connexa is treated with accuracy and in compliance
with the Swiss Federal Act on Data Protection (FADP, SR 235.1).
Connexa further warrants that it has implemented commercially reasonable technical, security and organizational measures designed to:
- Secure Customer and Personal Data from accidental loss and from unauthorized access, use, alteration or disclosure.
- Adequate and secure data backup procedures in place.
- Establish processes to ensure secure data handling and data destruction.
- Provide you, Community Builder, the control of who has access to your data.
Our servers and data structure is frequently tested for vulnerabilities by external auditors. In the event that any unauthorized access to any Connexa environment, Connexa will immediately notify the Community Builder in writing and shall cooperate with all requests and the investigation into such matter.
Any new data stored in persistent disks is encrypted under the 256-bit Advanced Encryption Standard, and each encryption key is itself encrypted with a regularly rotated set of master keys. Connexa uses SSLs use SHA-2 and 2048-bit encryption to stop hackers in their tracks. That’s the strongest encryption on the market today. It’s virtually uncrackable and it complies with the CA/Browser Forum guidelines.
Tokens are invalidated after each request to the API. The following diagram illustrates this concept:
During each request, a new token is generated. The access-token header that should be used in the next request is returned in the access-token header of the response to the previous request. The last request in the diagram fails because it tries to use a token that was invalidated by the previous request.
Data is stored on servers located in Google’s Cloud Platform.
Google data centers feature a layered security model, including safeguards like custom-designed electronic access cards, alarms, vehicle access barriers, perimeter fencing, metal detectors, and biometrics. The data center floor features laser beam intrusion detection. Their data centers are monitored 24/7 by high-resolution interior and exterior cameras that can detect and track intruders. Access logs, activity records, and camera footage are reviewed in case an incident occurs. Data centers are also routinely patrolled by experienced security guards who have undergone rigorous background checks and training. Cloud Platform and Google infrastructure is certified for a growing number of compliance standards and controls, and undergoes several independent third party audits to test for data safety, privacy, and security. Read more about the specific certifications on our compliance page. If you would like to get in touch with one of our experts in regards to security, please contact us.