1. Infrastructure

The front-end applications (web app and widget) are built with Angular. Because they are static code, they are deployed on Firebase Hosting, and communication between users and the applications is encrypted.

Our backend services are hosted on Amazon cloud servers in the European area (Frankfurt).

Access to the backend services is through secure requests encrypted with SSL. These requests reach the load balancers, which distribute them between different servers hosted on AWS EC2. Only the load balancers are reachable from the internet; the rest of the services and databases are not accessible from the internet, only from within the AWS VPC itself. This provides strong security for the data and for the connections between the different backend services.

2. Other security aspects

2.1 - Data Hosting and Storage:

FROGED services and data are hosted in Amazon Web Services (AWS) in Europe (Frankfurt) and protected by AWS security, as described at:

FROGED uses a backup solution for datastores that contain customer data.

2.2 - Failover:

All of our infrastructure and data are spread across 3 AWS availability zones and will continue to work should any one of those data centers fail.

2.3 - Encryption:

All data sent to or from FROGED is encrypted in transit using 256-bit encryption. Our API and application endpoints are TLS/SSL only.

We also encrypt data at rest using the industry-standard AES-256 encryption algorithm.

2.4 - Access control and Confidentiality:

All access rights (both for access to IT systems and data and for access to buildings and rooms) are assigned according to the principle that employees and third-party users are only granted the level of access they need to perform their activities (need-to-know principle).

Access rights are granted according to defined (role-based) permission profiles. The access rights granted are reviewed regularly. Rights that are no longer required are withdrawn immediately. 

All employee contracts include a confidentiality agreement.

2.5 - GDPR:

FROGED is certified as compliant with the General Data Protection Regulation (GDPR). For further information, read our GDPR article.
