Security at Boappa
Boappa is processing your personal data, housing-related information, and private communications. With personal information such as names, emails, phone numbers and addresses being stored in Boappa, the security of the system needs to be tight. We do our utmost to make sure that all of this data will be handled safely and securely and will never be shared without your consent.
The General Data Protection Regulation (GDPR) is a European privacy law which became enforceable on May 25, 2018. The GDPR replaces the EU Data Protection Directive, also known as Directive 95/46/EC, and is intended to harmonize data protection laws throughout the European Union (EU) by applying a single data protection law that is binding throughout each member state.
At Boappa we only collect and store information that is necessary to offer our service, and we do this with the consent of our customers. Our approach towards privacy, security, and data protection aligns with the goals of GDPR.
Physical and Network security
Boappa uses Amazon’s AWS platform and infrastructure. Our employees do not have any physical access to our production environment.
As an AWS customer, we benefit from a data center and network architecture that can meet the strictest of requirements.
“Amazon has many years of experience in designing, constructing, and operating large-scale data centers. This experience has been applied to the AWS platform and infrastructure. AWS data centers are housed in nondescript facilities, with military grade perimeter control berms. Physical access is strictly controlled both at the perimeter and at building ingress points by professional security staff utilizing video surveillance, state of the art intrusion detection systems, and other electronic means. Authorized staff must pass two-factor authentication no fewer than three times to access data center floors. All visitors and contractors are required to present identification and are signed in. They are also continually escorted by authorized staff.”
AWS platform also provides significant protection against traditional network security issues including, but not limited to, Distributed Denial Of Service Attacks, Man In the Middle Attacks, Port Scanning, and Packet sniffing by other tenants.
At Boappa we restrict administrative privileges to very few employees. Both application-level roles and AWS roles are used to ensure only required operations are allowed for specific users. Access to customer data stored within our application is restricted on a ‘need to access’ basis.
Our application servers can be accessed only via HTTPS. We use industry-standard encryption for data traversing to and from the application servers. User input is properly encoded when displayed to ensure XSS vulnerabilities are mitigated.
Boappa uses Amazon’s DocumentDB for storing application data. The automated backup feature is in use and data is backed up to 30 days. For storing files we use Amazon’s S3.
SSH keys are required to gain console access to our servers and each login is identified by a user. Hosts access is restricted based on functionality. Incoming requests are allowed only from ELB and database and cache servers can be accessed only from application servers.
We periodically check and apply patches for third-party software/services. If vulnerabilities are discovered we apply the security updates. We perform internal vulnerability assessments on a bi-yearly basis.
We use AWS provided monitoring systems and will get alerts through email if there are any errors or abnormalities in operating our services.
Security in Software Development
Agile workflows let us fix any vulnerabilities quickly. We have a strict internal policy on prioritizing for fixing any security issues that have been found.
We continuously assess the security of our application. Developers conduct code reviews regularly, although these reviews are not specifically security-targeted.
We are working continuously to improve the security of our systems. If you find any security issue, please send it to email@example.com. We will ensure the issue is fixed and updated as fast as possible.