Data security

The GIRITON system is operated exclusively in the cloud, we do not offer the possibility of operating on our own servers. Specifically, it is a Microsoft Azure cloud running in the "Europe West" region, specifically in the Netherlands.

We use Linux Ubuntu LTS operating system, Java application environment and PostgreSQL database on our servers. We do not offer direct access to the database to our clients, REST API is available for clients to work with data.

Data on the servers and in the database is encrypted using Azure Storage Encryption, a server-side encryption (SSE). Specifically, using 256-bit AES encryption that is FIPS 140-2 compliant.

Database backup is handled using Azure Backup Vault, backups are stored in the Microsoft Azure cloud. Daily backups are stored for at least 30 days, weekly backups for at least 8 weeks, monthly backups for 6 months. Backups are targeted for cases of data corruption or loss, not for client requests to restore data due to, for example, their own error while using the application. Such self-inflicted data recovery requests will be handled on an individual basis and any data recovery will be charged as extra work.

Communication between the server and the user's web browser is encrypted using a secure HTTPS connection. We configure HTTPS on the server side so that we always have a grade of "A" or better in the HTTPS test at https://www.ssllabs.com/ssltest/.