Deltablot Regulatory Compliance
Introduction
At Deltablot, we prioritize the security of your data above all else. We understand the critical importance of safeguarding sensitive data and maintaining a trustworthy environment. That’s why our SaaS offering is built upon state-of-the-art security measures, implementing industry-leading practices to ensure the utmost protection against potential threats. Rest assured, our dedicated team continuously monitors and updates our systems to stay ahead of emerging risks, providing you with a secure and reliable platform for your business needs.
Information presented on this page applies to the eLabFTW PRO Hosting service provided by Deltablot.
Certification
Deltablot holds the Cyber Essentials certification, meaning it has been assessed as meeting the Cyber Essentials implementation profile and that Deltablot’s defences are satisfactory against cyber attacks. The certificate is available at this link.
Encrypted data transfer
When transferred over the network, all data is encrypted with state-of-the-art encryption technology (TLS 1.3). The TLS configuration is rated A+ by Qualys.
It is simply not possible to make unencrypted requests to the service.
Physical security of data
Depending on the location of our customers, we use different cloud providers to host the service.
European Union
For clients in the European Union with servers in Paris, France:
Your data is stored in a datacenter with the following certifications:
- ISO 27001
- ISO 50001
- HDS
You can learn more about the Security Policy of the cloud provider here.
SecNumCloud (France)
The SecNumCloud certified hosted services have the highest level of security you can expect from a sovereign cloud provider. You can find out more about this SecNumCloud certification here (PDF in French).
North America
For customers in North America with servers in Canada or the USA, we use the datacenters NYC1 or TOR1, respectively. You can learn more about their certifications here.
Asia
For customers in Asia, we use the Tokyo datacenter from Vultr, certified:
- SOC 1 Type 2
- SOC 2 Type 2
- ISO 27001
- PCI-DSS
Remote backup of data
Your data is also copied to a server in Zurich, Switzerland. The data is encrypted during the transfer, and also at rest with a long and unique passphrase. The service used for that is Rsync.net and you can see their compliance here (more links in their footer).
Written contingency plan
In case of emergency, a contingency plan has been written to allow fast recovery of the data and restoration of the service.
GDPR
The General Data Protection Regulation (EU) 2016/679 (GDPR) is a regulation in EU law on data protection and privacy in the European Union (EU) and the European Economic Area (EEA) (source: Wikipedia). You can see the details on how personal data is collected, why, and for how long on the privacy page.
Accessibility
See our Accessibility Report (WCAG edition): Deltablot Accessibility Conformance Report
PCI
Customers can pay by credit card through Stripe. You can learn more about the security at Stripe on this page. Deltablot does not process or store credit card information.