How is my data protected?

Security & Privacy by design

Shipfix was designed and built from day 1 to provide the highest level of protection for your sensitive private and commercial data. We process email content to deliver our SaaS (Service as a Software) to the Shipfix Community. Because of this, security is an absolute core focus for our engineering and product development teams (beyond simply complying with GDPR), which is also reflected in our tech architecture.
 
GDPR compliance and Privacy Policy:
As a French company, we are fully compliant with EU GDPR both as a data controller and data processor. Our internal processes are assessed and adapted to follow the evolution of EU GDPR guidelines. You can see a detailed explanation of how we process data in our Privacy Policy
 
Data security:
  • 📥 Emails & documents are stored and encrypted at rest in a dedicated cluster.
  • 🏢 Each organisation that uses Shipfix lives in its owned contained-environment
  • 🔑 Encryption & decryption keys are specific to your company
  • 👤 Users can only access data within their organisation, through a security layer
  • 💬 Chat messages are encrypted
  • 🔒 Data backups are encrypted at rest
  • 🚫 Nobody at Shipfix can access your company's messages

 

Cryptography management:

  • 🛡️ We use the strongest encryption and and hashing algorithms
    • 🔐 AES 256 for data encryption
    • # Argon2 for password hashing
  • 🌐 We use Google Cloud KMS for managing cryptographic keys and providing a fine granularity over key accesses
  • 🔒 Shipfix internal secrets and sensitive data are encrypted
  • 🔄 Frequent encryption key rotations

 

Auditable logs:

  • ⌨️  Each part of the platform provides granular auditable logs
  • 📷 Every action is tracked across the platform
  • 👁️ Logs are permanently monitored to detect abnormal behaviours & suspicious connections

Network security:

  • 🔌 We use TLS 1.2 for public data transfer encryption, which is the highest level offered by Google Cloud
  • ☁️ All of our platform layers communicate inside a virtual private cloud

Compliance:

  • 🌍 Shipfix is hosted on Google Cloud in a European datacenter which complies with major security policies (more info
  • 👮 We are fully GDPR compliant both as a data controller and a data processor

 

You may also be interested in Our Company and The Shipfix Community

Contact us directly for more details