Security

 

Security matters!

In Oveo we are determined to prioritise security. Our infrastructure and the services running on it are designed to keep your data safe. We have a set of well defined processes in place to ensure that all the data we collect is kept safe and managed according to GDPR regulations.

Oveo believes strongly in transparency. As a customer in Oveo, you have full insights into what we store, where we store it and how we manage it.

A secure platform
 

Encryption

All data is encrypted both in transit and at rest. Database instances, including read replicas and backups are encrypted using the industry standard AES-256 encryption algorithm. Encryption is enforced via TLS to all data in transit. Our databases are hosted on Amazon cloud infrastructure, using Multi-AZ deployment for enhanced availability and durability. Only secure (HTTPS) access to Oveo website and app is enabled. As such, all non-secure HTTP requests are redirected for the HTTPS endpoint before they can be served.

Application Security
 

Role based access control

Oveo has implemented a role based access control for resources authorisation management. Each user is identified with a unique session and the user authorisation scope is defined by the role associated with the user. Organisation admin users can create and update roles and assign them to users, and full overview of which users have access to what.

User Authentication

Oveo uses OpenID authentication protocol for user authentication and has integrated Google and Microsoft identity providers.

Infrastructure Security
 

Cloud Computing Services

Oveo uses Amazon Web Services and DigitalOcean for hosting and compute power. Both service providers maintain and demonstrate SSAE-16 SOC 1 and 2, ISO 27001 reports and certifications. Web servers and databases run on servers in secure data centers located only in Europe.

Backups

To maintain a robust disaster recovery strategy, Oveo uses Amazon Aurora automated backups which allows us secure backups as well as quick recovery. We test our backup recovery regularly.