Ensuring the Security of Your Data

At Netice, protecting your data is our highest priority. This Security Policy outlines the comprehensive measures we take to safeguard your sensitive information while ensuring compliance with both the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR). This document complements our Terms of Use and Privacy Policy to provide a detailed overview of our security practices.

Netice Data Transfer Platform: A Secure Environment

• Data Accessibility: Accessing the Netice platform does not grant access to the data used in your transfer tasks. Data transfers occur in secure environments outside the platform, ensuring that your sensitive data remains isolated and protected.
• Secret Protection: Secrets such as Google Cloud service account keys, SFTP passwords, and private keys are encrypted and securely managed outside the platform using Google Cloud Secret Manager, ensuring no unauthorized access.

Storage and Encryption of Sensitive Data

Google Cloud Secret Manager

We utilize Google Cloud Secret Manager to store sensitive secrets such as SFTP passwords, private keys, and Google Cloud Platform (GCP) service account keys. Secret Manager provides a secure and convenient way to manage and access secrets, ensuring they are protected with encryption both at rest and in transit. This service also offers fine-grained access control and audit logs to monitor secret access, further enhancing security.

Encryption of Sensitive Fields

Encryption Standards

All sensitive fields within our application are encrypted using industry-standard algorithms (e.g., AES-256). This ensures that sensitive information remains secure and unreadable by unauthorized parties.

Password Security

Password Encryption

User passwords are securely hashed and salted using strong cryptographic algorithms before storage. We employ algorithms such as bcrypt, which are designed to be computationally intensive, making brute-force attempts highly impractical. This method ensures that user passwords are protected.

Firebase Security Measures

Our application leverages Firebase Authentication for secure user authentication. Firebase provides several built-in security features:

1. Secure Authentication Tokens: Firebase generates secure tokens for authenticated sessions, which are short-lived and require re-authentication periodically.
2. Transport Security: All communications with Firebase services are encrypted using HTTPS, ensuring data integrity and confidentiality.
3. Multi-factor Authentication: Firebase supports multi-factor authentication (MFA), adding an extra layer of security by requiring users to verify their identity using multiple methods.

Secure Payment with Paddle

Payment Security

We use Paddle for secure payment processing. Paddle is a trusted payment platform that handles transactions with the highest security standards. It complies with the Payment Card Industry Data Security Standard (PCI DSS), ensuring that all payment information is processed securely. Paddle provides:

1. Encrypted Transactions: All transactions are encrypted, protecting user payment information during processing.
2. Fraud Prevention: Paddle employs advanced fraud detection and prevention measures to safeguard against unauthorized transactions.
3. Compliance: Paddle complies with global payment security standards, ensuring a secure payment experience for our users.

Compliance with GDPR and CCPA

GDPR Compliance

1. Data Minimization: Only the data necessary for providing our services is collected.
2. User Rights: Users can access, correct, delete, or restrict the processing of their personal data.
3. Data Transfers: All cross-border data transfers use mechanisms such as Standard Contractual Clauses.

CCPA Compliance

1. Right to Access and Deletion: Users can request access to their stored data and delete it via self-service or contacting support.
2. Do Not Sell: Netice does not sell personal data under any circumstances.
3. Identity Verification: A robust two-step identity verification process ensures compliance with CCPA’s standards for data access requests.

Web Security Enhancements

Cross-Site Request Forgery (CSRF) Protection

We have implemented CSRF protection to prevent unauthorized commands being transmitted from a user that the web application trusts. By including CSRF tokens in our forms and validating these tokens on the server side, we ensure that requests are genuine and initiated by authenticated users.

Content Security Policy (CSP) and Nonces

To mitigate cross-site scripting (XSS) attacks, we employ a Content Security Policy (CSP). CSP is a security standard that helps prevent a range of attacks by specifying which content sources are trusted. Additionally, we use nonces (cryptographic tokens) to ensure that only scripts explicitly approved by our server are executed, further bolstering our defense against injection attacks.

Security of the transferred data

We understand that the security and privacy of your data are of utmost importance. Under regular operations, we do not see any of the content in the data you transfer – your data is not provided for anyone to access, it is not distributed, sold or exposed in any way and all of this would go strictly against all that we stand for. We would like to assure you that our system is designed to handle your data with the highest level of confidentiality and security. Here are the key points regarding our data handling practices:

1. Temporary Data Storage:
   • Ephemeral Storage: Your data is only stored temporarily in our system. The files are transferred to a secure temporary directory solely for the duration of the transfer process.
   • Swift Deletion: Once the transfer to the intended destination is successful, the files are promptly deleted from the temporary storage to not be retained longer than necessary.
2. No Established Access:
   • Automated Processes: The transfer process is fully automated. Our system does not retain or have regular access to your data.
   • No Human Intervention: Under normal operating conditions, there is no human intervention required in the data transfer process, ensuring that your data remains private and unseen by our team.
3. Data Privacy Commitment:
   • Confidentiality: In addition to such actions being completely outside of our regular operations and strictly outside our code of conduct, no one in the organization has the regular permission to access the content of your data. Our role is solely to facilitate the secure transfer of your files from the source to the destination you specify. We categorically refuse to access the contents of the data, nor do we generally even have any of it available for us, due to our strict and swift deletion policy of transferred temporary files. The only exception would be 100% verified situations there would be a serious emergency or a highly critical situation and almost without exception initiated by the authorities or law enforcement.
   • Security Measures: We implement strict security protocols to protect your data during the transfer process, including encryption and secure connections.
4. Error Handling:
   • Exception Handling: In the event of an error during the transfer, our system is designed to log the error without exposing or retaining the data. Any necessary debugging is done with a focus on resolving transfer issues rather than accessing data content.
5. User Control:
   • User-Driven Transfers: You have complete control over the data transfer operations. The files are processed based on your configurations and requirements.

By adhering to these practices, we ensure that your data remains secure, private, and only handled in a manner necessary to facilitate the transfer you have requested. Your trust is important to us, and we are committed to maintaining the integrity and confidentiality of your data.

Your trust is what matters the most to us

By integrating these comprehensive security measures, Netice ensures the highest level of data protection and user privacy. We remain committed to continuously enhancing our security practices to maintain the trust and safety of our users.

For more information about our security practices and how we protect your personal information, please refer to our privacy policy.