This document outlines the measures and efforts of PlanRadar to provide modern and high standards for data security, privacy and service availability for our software.
Infrastructure / Hosting
AWS Whitepapers & Information
We follow the principles of immutable infrastructure and infrastructure as code. In case of error / failure the system can be regenerated based on its templates and source code. We use Kubernetes and Argocd for managing our infrastructure.
High availability / Scalability
AWS makes our system responsive to high load spikes and it will automatically provision more resources if that is necessary. Our customers will not experience performance impacts.
DDOS / Web vulnerability Protection
Our web application is shielded and protected with the cloudflare web proxy system.
Our system is based on modern, robust and battle proven open source technology. Our web application is developed with Ruby on Rails using an up to date security patch supported version. Our mobile clients are developed in Java, Objective-C and .NET .
All data transfer is done via HTTPS / TLS and the data is encrypted at rest. (In our relational database and in our object storage). All images, plans and document assets are stored in the highly durable Amazon S3 storage system.
In our implementation we follow the security by design principle.
All our core functionality is implemented with the methodology of test driven development.
Application Security Measures
The application is shielded by multiple proxies and loadbalancers. We have the possibilities of multifactor authentication federated login with SAMl, custom password policies, limited login attempts, user blocks on wrong login attempts and a detailed user permission configuration.
All our employees, but especially in support and engineering are aware of data privacy / security and get trainings and SOPs for responsible treatment of our customer’s data. All employees only get the minimum necessary access to our IT systems. Customer data is only accessible by select employees.
Security and privacy incidents are collected on every point of contact and then routed to the responsible organisational unit. Our logging systems detect anomalies in system usage and sends automated alarms if necessary. We have written procedures for disaster recovery and backup restores.
Access to administrative systems is limited to certain vpns and protected by 2 factor authentication.
ISO/IEC 27001 Information Security Management Certification
We hold an ISO certification which can be seen here: