Version 3.10 – March 2018
This policy outlines: 1) Simply Deliver’s security practices and resources, and 2) your security obligations.
Obligations under this policy (both ours and yours) are incorporated by reference into the Simply Deliver Terms of Service.
Without limiting any provision of the Simply Deliver Terms of Service, we will implement reasonable and appropriate measures designed to help you secure Your Content against accidental or unlawful loss, access or disclosure.
Our documentation may specify restrictions on how the Services may be configured, or specifications for Services such as apps. You agree to comply with any such restrictions or specifications.
You are responsible for properly configuring and using the Services and for taking your own steps to maintain appropriate security and protection of Your Content, which may include the use of encryption technology to protect Your Content from unauthorized access and routinely archiving Your Content. The most important part of Simply Deliver services is the username and password. You are responsible for keeping them secure.
Pursuant to Section 2 of the Simply Deliver Terms of Service, you will not use the Services to create, receive, maintain, or transmit electronic GDPR Personal Data without the corresponding legal agreement (GDPR data protection agreement) in place between you and Simply Deliver.
Reporting Security Vulnerabilities
If you discover a potential security vulnerability, please see our policy on Responsible Disclosure. We strongly prefer that you notify us in private. Publicly disclosing a security vulnerability without informing us first puts the community at risk. When you notify us of a potential problem, we will work with you to make sure we understand the scope and cause of the issue. Thank you!
Data Center Security
The Simply Deliver platform runs in the EQUINIX data center on a private infrastructure platform that is controlled and monitored by Basefarm.
EQUINIX is a TIER-IV class data center, and Basefarm is continuously audited and holds ISO 27001 certification. Physical access to EQUINIX data centers is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication a minimum of two times to access data center floors. All visitors and contractors are required to present identification and are signed in and continually escorted by authorized staff.
All public-facing access to the Simply Deliver platform is possible only over port 443.
Access to servers and the database is possible only through a secured VPN tunnel from Simply Deliver offices (restricted by a fixed IP) and only by authorized people within Simply Deliver.
Simply Deliver automatically backs up your data continuously. Each transaction is simultaneously written to the change logs by Oracle Flashback technology, and every 4 hours these are transferred to a backup location in Oslo (a cloud backup service provided by Basefarm). The retention period for these backups is 7 days.
This means that if we lose the primary instance entirely, your maximum data loss can be up to 4 hours.
Disaster Prevention and Recovery
Simply Deliver monitors the stability and availability of its infrastructure and automatically recovers from disruptions, including app and database failures. In the event of a disaster, Simply Deliver restores apps from the last healthy build image and restores data from the last backup.
Simply Deliver Internal Security
We do not access or use Your Content for any purpose other than for developing and operating the Services and as required by law. As a routine matter, Simply Deliver workforce members do not require access to data processed by your Services, such as data stored under your provisioner. Simply Deliver workforce members are granted least-privilege access to customer environments only when a specific business need arises, and this access is possible only from Simply Deliver offices over a secured VPN connection. Workforce members undergo criminal background screening before hire.