Regulatory compliance

Deltablot Regulatory Compliance

Introduction

At Deltablot, we prioritize the security of client data above all else. We understand the critical importance of safeguarding sensitive data and maintaining a secure and reliable system. Our SaaS offering is built upon state-of-the-art security measures, and we implement industry-leading practices to ensure the utmost protection against potential threats. Our dedicated team continuously monitors and updates our systems to stay ahead of emerging risks, providing clients with a secure and reliable platform for their business and research needs.

Information presented on this page applies to the eLabFTW PRO Hosting service provided by Deltablot.

Certification

cyber essentials certified

Deltablot has received the Cyber Essentials certification, meaning it has been assessed as meeting the Cyber Essentials implementation profile and that Deltablot’s defences are satisfactory against cyber attacks. The certificate is available here.

Encrypted data transfer

When transferred over the network, all data is encrypted with state of the art encryption technology (TLS 1.3). The TLS configuration is rated A+ by Qualys:

qualys-a

It is simply not possible to make unencrypted requests to the service.

Physical security of data

Depending on the location of our clients, we use different cloud providers to host the service.

European Union

For clients in the European Union, the servers are located in Paris, France:

The data is stored in a datacenter with the following certifications:

  • ISO 27001
  • ISO 50001
  • HDS

Learn more about the Security Policy of the cloud provider here.

SecNumCloud (France)

The SecNumCloud-certified hosted services have the highest level of security available from a sovereign cloud provider. Learn more about SecNumCloud certification here (PDF in French).

North America

For clients in Canada and the USA, we use datacenters TOR1 and NYC1, respectively. Learn more about the the relevant certifications here.

Asia

For clients in Asia, we use the Tokyo datacenter from Vultr, with the following certification:

  • SOC 1 Type 2
  • SOC 2 Type 2
  • ISO 27001
  • PCI-DSS

Remote backup of data

Client data is also copied onto a server in Zurich, Switzerland. The data is encrypted during the transfer, but also at rest with a long and unique passphrase. The service used for that is Rsync.net and you can see their compliance here (more links in their footer).

Written contingency plan

We have prepared a contingency plan to allow for fast recovery of the data and restoration of the service in the event of an emergency.

GDPR

The General Data Protection Regulation (EU) 2016/679 (GDPR) concerns data protection and privacy in the European Union (EU) and European Economic Area (EEA) (source: Wikipedia). For details on how, why, and for how long personal data is collected, please see the privacy page.

Accessibility

See our Accessibility Report (WCAG edition): Deltablot Accessibility Conformance Report

For french users: Rapport d’accessibilité RGAA 4.1

PCI

Payment is possible via credit card through Stripe. You can learn more about the Stripe security policy here. Deltablot does not process or store credit card information.