Boappa is processing your personal data, such as housing-related information, and private communications. With personal information such as names, emails, phone numbers and addresses being stored in Boappa, the security of the system needs to be tight. We do our utmost to make sure that all of this data will be handled safely and securely and will never be shared without your consent.
At Boappa we collect and store information that is necessary to offer and to improve our service. Our approach towards privacy, security, and data protection aligns with the goals of GDPR. Please see our Privacy Notice, for information on how we process your personal data.
Physical and Network security
Boappa is hosted mainly on Exoscale and utilizes some of Amazon’s AWS platform services. Our employees do not have any physical access to our hosting environment. As an Exoscale and AWS customer we benefit from data centers and network architecture that can meet the strictest of requirements.
At Boappa we restrict administrative privileges to very few employees. Access to customer data stored within our application is restricted on a ‘need to access’ basis.
Our application servers can be accessed only via HTTPS. We use industry-standard encryption for data traversing to and from the application servers. User input is properly encoded and escaped when displayed to ensure XSS vulnerabilities are mitigated.
Boappa backs up critical customer data nightly and keeps the backups for 30 days.
Password access is disabled, SSH keys are required to gain access to our servers and each login is identified by a user. Access is granted on a ‘need to access’ basis.
We periodically check and apply patches for third-party software/services. Whenever vulnerabilities are discovered we apply the security updates in a timely manner. We perform external vulnerability assessments on a yearly basis.
We use Grafana to internally monitor the performance of our services. We also employ a third party monitoring system to alert us if there are any errors or abnormalities in operating our services.
Security in Software Development
Agile workflows let us fix any vulnerabilities quickly. We have a strict internal policy on prioritizing for fixing any security issues that have been found. We continuously assess the security of our application. All changes and new code is reviewed before deployment to production.
We continuously assess the security of our application. Developers conduct code reviews regularly, although these reviews are not specifically security-targeted.
We are working continuously to improve the security of our systems. If you find any security issue, please send it to email@example.com. We will ensure the issue is fixed and updated as fast as possible.